koda-sandbox 0.3.1

Capability-aware sandbox layer for Koda — kernel-enforced FS/net/exec policies (refs #934)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

//! End-to-end integration tests for the `koda-fs-worker` binary
//! (updated Phase 2c of #934).
//!
//! Spawns the real binary over stdio (no Unix socket — that transport
//! is exercised by `sandboxed_fs.rs`). Validates the IPC framing and
//! handler dispatch across a real OS process boundary.

use koda_sandbox::ipc::{Request, Response, read_message, write_message};
use std::path::PathBuf;
use std::process::Stdio;
use tokio::io::{AsyncWriteExt, BufReader};
use tokio::process::Command;

/// Cargo writes binaries to `$CARGO_MANIFEST_DIR/../target/<profile>/`.
/// In integration tests, `CARGO_BIN_EXE_<name>` is the canonical way to
/// find them.
fn worker_binary() -> PathBuf {
    PathBuf::from(env!("CARGO_BIN_EXE_koda-fs-worker"))
}

#[tokio::test]
async fn worker_binary_responds_to_ping() {
    let mut child = Command::new(worker_binary())
        .stdin(Stdio::piped())
        .stdout(Stdio::piped())
        .stderr(Stdio::piped())
        .spawn()
        .expect("spawn koda-fs-worker");

    let mut stdin = child.stdin.take().expect("stdin");
    let mut stdout = BufReader::new(child.stdout.take().expect("stdout"));

    write_message(&mut stdin, &Request::Ping)
        .await
        .expect("write ping");
    let resp: Response = read_message(&mut stdout)
        .await
        .expect("read response")
        .expect("response not None");
    assert_eq!(resp, Response::Pong);

    // Tell the worker to exit and wait for clean shutdown.
    write_message(&mut stdin, &Request::Shutdown)
        .await
        .expect("write shutdown");
    let _ack: Response = read_message(&mut stdout)
        .await
        .expect("read shutdown ack")
        .expect("ack not None");
    stdin.shutdown().await.ok();
    drop(stdin);

    let status = tokio::time::timeout(std::time::Duration::from_secs(5), child.wait())
        .await
        .expect("worker must exit within 5s")
        .expect("wait failed");
    assert!(
        status.success(),
        "worker exited non-zero after Shutdown: {status:?}"
    );
}

#[tokio::test]
async fn worker_binary_handles_read_over_stdio() {
    use tempfile::TempDir;

    let dir = TempDir::new().unwrap();
    let path = dir.path().join("hello.txt");
    std::fs::write(&path, b"binary test").unwrap();

    let mut child = Command::new(worker_binary())
        .stdin(Stdio::piped())
        .stdout(Stdio::piped())
        .stderr(Stdio::piped())
        .spawn()
        .expect("spawn koda-fs-worker");

    let mut stdin = child.stdin.take().expect("stdin");
    let mut stdout = BufReader::new(child.stdout.take().expect("stdout"));

    write_message(
        &mut stdin,
        &Request::Read {
            path,
            max_bytes: None,
        },
    )
    .await
    .expect("write read");
    let resp: Response = read_message(&mut stdout)
        .await
        .expect("read response")
        .expect("response not None");
    assert_eq!(
        resp,
        Response::Read {
            content: b"binary test".to_vec()
        }
    );

    drop(stdin);
    tokio::time::timeout(std::time::Duration::from_secs(5), child.wait())
        .await
        .expect("worker must exit within 5s")
        .expect("wait");
}