Bind proxy to jail veth host IP in strong mode (fix #31)#33

Merged: ammario merged 4 commits into main from blink/fix-strong-jail-bind-ip on Sep 12, 2025
@blink-so blink-so Bot commented Sep 11, 2025

Problem

  • In strong jail mode the proxy bound to 0.0.0.0, exposing ports on all interfaces.

What changed

  • main: create JailConfig early and bind the proxy to the per‑jail veth host IP (10.99.X.1) on Linux
  • jail/linux: expose LinuxJail::compute_host_ip_for_jail_id(jail_id)
  • proxy: use IP_FREEBIND on Linux so we can bind to the veth IP before the interface exists; random-port binding uses the same path
  • cargo: add socket2 (linux‑only)

Result

  • Proxy listens only on the jail’s veth host IP in strong mode; no exposure on other interfaces.

Testing

  • Built the binary and ran unit tests: cargo test --lib (all passed)
  • Integration tests not executed here (they require root/network permissions)

Fixes #31
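
One way to check the Result above on a running host, as an added example that is not part of the PR or the project's code: parse /proc/net/tcp and report proxy ports that listen anywhere other than a 10.99.X.1 address. The port numbers, the sample table and the function names are assumptions made for the illustration, and the address decoding assumes a little-endian host.

```rust
use std::net::Ipv4Addr;

/// One TCP socket in LISTEN state, as read from /proc/net/tcp.
#[derive(Debug, PartialEq)]
pub struct Listener { pub ip: Ipv4Addr, pub port: u16 }

// Constructed sample in /proc/net/tcp layout (not captured from a real host).
// Ports 8080/8081 are assumed proxy ports; 10.99.7.1 is a hypothetical jail IP.
pub const SAMPLE: &str = "\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41001
   1: 0107630A:1F91 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41002
   2: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 41003
   3: 0107630A:1F91 0207630A:C350 01 00000000:00000000 00:00000000 00000000  1000        0 41004
";

/// Return every socket in LISTEN state (st == 0A), skipping the header row.
/// The kernel prints the IPv4 address as a native u32, so on a little-endian
/// host the hex digits are byte-reversed: 0107630A is 10.99.7.1.
pub fn listeners(proc_net_tcp: &str) -> Vec<Listener> {
    proc_net_tcp.lines().skip(1).filter_map(|line| {
        let mut fields = line.split_whitespace();
        let local = fields.nth(1)?; // field 1: local_address
        let state = fields.nth(1)?; // field 3: st (steps over rem_address)
        if state != "0A" { return None; }
        let (ip_hex, port_hex) = local.split_once(':')?;
        let ip = u32::from_str_radix(ip_hex, 16).ok()?;
        let port = u16::from_str_radix(port_hex, 16).ok()?;
        Some(Listener { ip: Ipv4Addr::from(ip.swap_bytes()), port })
    }).collect()
}

/// Strong-mode expectation from the PR: the proxy listens only on a per-jail
/// veth host IP of the form 10.99.X.1. Returns the listeners on the given
/// proxy ports that break it (0.0.0.0 or any other address).
pub fn exposed(proc_net_tcp: &str, proxy_ports: &[u16]) -> Vec<Listener> {
    listeners(proc_net_tcp).into_iter()
        .filter(|l| proxy_ports.contains(&l.port))
        .filter(|l| { let o = l.ip.octets(); !(o[0] == 10 && o[1] == 99 && o[3] == 1) })
        .collect()
}

fn main() {
    // On a real host, pass std::fs::read_to_string("/proc/net/tcp") instead.
    for l in exposed(SAMPLE, &[8080, 8081]) {
        println!("proxy port {} listens on {} (outside 10.99.X.1)", l.port, l.ip);
    }
}
```

IPv6 listeners are listed in /proc/net/tcp6, which this check does not read.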

blink-so Bot and others added 3 commits September 11, 2025 20:30
…
- main: create JailConfig early and bind proxy to per-jail veth host IP on Linux
- jail/linux: expose LinuxJail::compute_host_ip_for_jail_id(jail_id)
- proxy: bind using IP_FREEBIND on Linux so we can pre-bind before interface exists
- cargo: add socket2 (linux only)

This removes listening on 0.0.0.0 in strong jail mode to avoid exposing proxy ports.

Co-authored-by: ammario <7416144+ammario@users.noreply.github.com>

… cfg blocks in main.rs

This ensures strong-mode binds succeed before veth IP exists and satisfies clippy.

Co-authored-by: ammario <7416144+ammario@users.noreply.github.com>

- Apply cargo fmt to fix formatting issues
- Move Ipv4Addr import to Linux-only scope to fix unused import warning on macOS
@ammario ammario marked this pull request as ready for review September 12, 2025 04:44
@ammario ammario enabled auto-merge (squash) September 12, 2025 04:44
@ammario ammario merged commit 81f78c4 into main Sep 12, 2025
7 checks passed
Development

Successfully merging this pull request may close these issues.

Security: Proxy binds to 0.0.0.0 in strong jail mode