Problem Statement

Preface

After #1650 is merged, the sandbox creation crates are split into 3 new ones:

- `openshell-sandbox` (will become `openshell-supervisor`)
- `openshell-supervisor-process`
- `openshell-supervisor-network`

The PR that introduced the split was intentionally naive: no designs were applied to the code, and no new abstractions were introduced that would help with the flow and readability of the code.

The split was introduced using this rough reasoning:

- Define what the pure `network` functionality is (mostly everything that the HTTP CONNECT proxy implements)
- Define what the pure `process` functionality is (mostly all isolation techniques and runtime auditing, like the bypass monitor)
- Define the common requirements of both crates (types & functions)

This approach led to a natural restructuring of the code, specifically:

- Shared types and most* functions moved to `openshell-core` when appropriate
- Non-shared types and modules moved to their respective crate owner (e.g. the `l7` module moved to the `network` crate)
- Shared "helper" tasks/threads are spawned in the `openshell-supervisor` a.k.a. orchestrator crate (e.g. the denial aggregator & activity aggregator threads)
Proposed Design

Cleanup tasks

Since the movement of the code was done in a naive manner, a bunch of cleanup and helper abstractions can be applied. List of improvements, in no particular order:

- Rename `openshell-sandbox` -> `openshell-supervisor`. NOTE: Breaking
- Clean up the `pid` and `probe_path` loops that wait for the 2 values to be available.
- Deduplicate the `procfs` functions in both `supervisor-network` and `supervisor-process` (e.g. introduce a new crate)
- Introduce a better entrypoint for both `supervisor-network` and `supervisor-process` (currently `run_networking` and `run_process`)
- Potentially wrap the `NetworkNamespace` variable in `run_sandbox` with a shared pointer and pass it to `process` and `network` rather than having `run_sandbox` hold it.
- TBD
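A sketch of how the shared-pointer item and the `pid`/`probe_path` wait-loop item could look together, added here as an illustration and not code from the openshell repository: `NetworkNamespace`, `run_process`, `run_networking` and `run_sandbox` reuse the names above but are hypothetical stand-ins, and the pid and probe path values are constructed.

```rust
use std::path::PathBuf;
use std::sync::{mpsc, Arc};
use std::thread;

/// Hypothetical stand-in for the NetworkNamespace value run_sandbox owns today.
#[derive(Debug)]
pub struct NetworkNamespace {
    pub name: String,
}

/// Both values the network side needs from the process side, delivered
/// as one message so there is a single readiness point instead of two loops.
#[derive(Debug, Clone, PartialEq)]
pub struct ChildReady {
    pub pid: u32,
    pub probe_path: PathBuf,
}

/// Process-side entrypoint (hypothetical): the real one would spawn and
/// isolate the child; here the pid and probe path are constructed values.
pub fn run_process(ns: Arc<NetworkNamespace>, ready: mpsc::Sender<ChildReady>) -> u32 {
    let pid = 4242;
    let probe_path = PathBuf::from(format!("/proc/{}/ns/net", pid));
    let _ = ns.name.as_str(); // process side only borrows the shared namespace
    ready.send(ChildReady { pid, probe_path }).expect("network side gone");
    pid
}

/// Network-side entrypoint (hypothetical): blocks on the readiness message
/// rather than polling until pid and probe_path each become available.
pub fn run_networking(ns: Arc<NetworkNamespace>, ready: mpsc::Receiver<ChildReady>) -> ChildReady {
    let child = ready.recv().expect("process side gone");
    assert!(child.probe_path.starts_with("/proc"), "unexpected probe path");
    let _ = ns.name.as_str(); // network side shares the same namespace handle
    child
}

/// Orchestrator: creates the namespace once, hands an Arc to each side,
/// and no longer has to hold the value for the lifetime of both tasks.
pub fn run_sandbox(ns_name: &str) -> (u32, ChildReady) {
    let ns = Arc::new(NetworkNamespace { name: ns_name.to_string() });
    let (tx, rx) = mpsc::channel();
    let process = thread::spawn({ let ns = Arc::clone(&ns); move || run_process(ns, tx) });
    let network = thread::spawn({ let ns = Arc::clone(&ns); move || run_networking(ns, rx) });
    (process.join().unwrap(), network.join().unwrap())
}
```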
Checklist