Skip to content

policy_fn: extend execve argv freeze to peer processes (#27) #33

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
congwang-mk merged 1 commit into from
May 1, 2026
Merged

policy_fn: extend execve argv freeze to peer processes (#27) #33

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion crates/sandlock-core/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ pub(crate) mod random;
pub(crate) mod time;
pub(crate) mod cow;
pub(crate) mod checkpoint;
pub(crate) mod sibling_freeze;
pub(crate) mod sandbox_freeze;
pub mod netlink;
pub(crate) mod procfs;
pub(crate) mod port_remap;
Expand Down
19 changes: 12 additions & 7 deletions crates/sandlock-core/src/policy_fn.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,11 +64,15 @@ pub enum SyscallCategory {
///
/// `argv` *is* exposed for `execve`/`execveat` and is TOCTOU-safe by
/// construction: before the supervisor returns `Continue` for an
/// execve, it `PTRACE_SEIZE`+`PTRACE_INTERRUPT`s every sibling thread
/// of the calling tid so the kernel's post-Continue re-read sees the
/// same memory the supervisor inspected. Siblings are killed by the
/// kernel during execve's `de_thread` step anyway, so the pause has
/// no observable cost. See `crate::sibling_freeze`.
/// execve, it `PTRACE_SEIZE`+`PTRACE_INTERRUPT`s every task in the
/// sandbox — both sibling threads of the calling tid (same TGID, share
/// `mm_struct`) and peer threads in other TGIDs that may alias argv
/// pages via `MAP_SHARED` mappings or share `mm_struct` via
/// `clone(CLONE_VM)`. The kernel's post-Continue re-read therefore
/// sees the same memory the supervisor inspected. Siblings are killed
/// by the kernel during execve's `de_thread` step; peer threads are
/// detached after `NOTIF_SEND` and resume normally. See
/// `crate::sandbox_freeze`.
///
/// Network fields (`host`, `port`) are TOCTOU-safe because the
/// supervisor performs `connect`/`sendto`/`bind` on-behalf via
Expand All @@ -89,8 +93,9 @@ pub struct SyscallEvent {
pub port: Option<u16>,
/// Size argument (for mmap, brk).
pub size: Option<u64>,
/// Command arguments for execve/execveat. TOCTOU-safe: sibling
/// threads are frozen before the kernel re-reads.
/// Command arguments for execve/execveat. TOCTOU-safe: every task
/// in the sandbox (caller's siblings and peer processes) is frozen
/// before the kernel re-reads argv from child memory.
pub argv: Option<Vec<String>>,
/// Whether the supervisor denied this syscall.
pub denied: bool,
Expand Down
Loading
Loading