mise 2026.4.11

The front-end to your dev env
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141

use eyre::{Result, eyre};
use landlock::{
    ABI, AccessFs, BitFlags, Compatible, PathBeneath, PathFd, Ruleset, RulesetAttr,
    RulesetCreatedAttr,
};

use super::SandboxConfig;

/// System paths that are always readable on Linux.
/// Note: /tmp and /dev are handled separately with full (read+write) access.
const SYSTEM_READ_PATHS: &[&str] = &[
    "/usr",
    "/lib",
    "/lib64",
    "/bin",
    "/sbin",
    "/etc",
    "/proc",
    "/sys",
    "/nix",
    "/snap",
    "/home/linuxbrew",
];

fn add_read_rule(
    ruleset: landlock::RulesetCreated,
    path: &str,
    access: BitFlags<AccessFs>,
) -> Result<landlock::RulesetCreated> {
    match PathFd::new(path) {
        Ok(fd) => ruleset
            .add_rule(PathBeneath::new(fd, access))
            .map_err(|e| eyre!("landlock add_rule failed for {path}: {e}")),
        Err(_) => Ok(ruleset), // Path doesn't exist, skip
    }
}

fn add_path_rule(
    ruleset: landlock::RulesetCreated,
    path: &std::path::Path,
    access: BitFlags<AccessFs>,
) -> Result<landlock::RulesetCreated> {
    match PathFd::new(path) {
        Ok(fd) => ruleset
            .add_rule(PathBeneath::new(fd, access))
            .map_err(|e| eyre!("landlock add_rule failed for {}: {e}", path.display())),
        Err(_) => {
            // Path doesn't exist — on Linux, Landlock requires existing paths.
            // This affects cases like --allow-write=./dist where the dir doesn't exist yet.
            // We warn rather than silently skipping or granting broader ancestor access.
            eprintln!(
                "mise sandbox: path '{}' does not exist, sandbox rule may not apply as expected",
                path.display()
            );
            Ok(ruleset)
        }
    }
}

/// Apply Landlock filesystem restrictions.
pub fn apply_landlock(config: &SandboxConfig) -> Result<()> {
    let abi = ABI::V5;

    let read_access = AccessFs::from_read(abi);
    let write_access = AccessFs::from_write(abi);
    let full_access = read_access | write_access;

    let deny_read = config.effective_deny_read();
    let deny_write = config.effective_deny_write();

    // Only handle the access types we're actually restricting.
    // If we handle_access(full_access) but only add read rules,
    // writes to un-ruled paths get blocked too (Landlock denies by default).
    let handled_access = match (deny_read, deny_write) {
        (true, true) => full_access,
        (true, false) => read_access,
        (false, true) => full_access, // need full to add read+write rules for allowed paths
        (false, false) => return Ok(()), // nothing to restrict
    };

    let mut ruleset = Ruleset::default()
        .handle_access(handled_access)
        .map_err(|e| eyre!("failed to create landlock ruleset: {e}"))?
        .set_compatibility(landlock::CompatLevel::BestEffort)
        .create()
        .map_err(|e| eyre!("failed to create landlock ruleset: {e}"))?;

    if deny_read && deny_write {
        // Both restricted: add read rules for system paths, full for /tmp and /dev
        for path in SYSTEM_READ_PATHS {
            ruleset = add_read_rule(ruleset, path, read_access)?;
        }
        ruleset = add_read_rule(ruleset, "/tmp", full_access)?;
        ruleset = add_read_rule(ruleset, "/dev", full_access)?;
        let installs_dir: &std::path::Path = &crate::dirs::INSTALLS;
        if installs_dir.exists() {
            ruleset = add_path_rule(ruleset, installs_dir, read_access)?;
        }
        ruleset = add_path_rule(ruleset, &crate::env::MISE_DATA_DIR, read_access)?;
        for path in &config.allow_read {
            ruleset = add_path_rule(ruleset, path, read_access)?;
        }
        for path in &config.allow_write {
            ruleset = add_path_rule(ruleset, path, full_access)?;
        }
    } else if deny_read {
        // Only reads restricted — only handle read access so writes are unaffected
        for path in SYSTEM_READ_PATHS {
            ruleset = add_read_rule(ruleset, path, read_access)?;
        }
        // /tmp and /dev need read access (not in SYSTEM_READ_PATHS, handled separately)
        ruleset = add_read_rule(ruleset, "/tmp", read_access)?;
        ruleset = add_read_rule(ruleset, "/dev", read_access)?;
        let installs_dir: &std::path::Path = &crate::dirs::INSTALLS;
        if installs_dir.exists() {
            ruleset = add_path_rule(ruleset, installs_dir, read_access)?;
        }
        ruleset = add_path_rule(ruleset, &crate::env::MISE_DATA_DIR, read_access)?;
        for path in &config.allow_read {
            ruleset = add_path_rule(ruleset, path, read_access)?;
        }
        // allow_write paths are implicitly readable
        for path in &config.allow_write {
            ruleset = add_path_rule(ruleset, path, read_access)?;
        }
    } else if deny_write {
        // Only writes restricted — allow read everywhere, deny write except allowed paths
        ruleset = add_read_rule(ruleset, "/", read_access)?;
        ruleset = add_read_rule(ruleset, "/tmp", full_access)?;
        ruleset = add_read_rule(ruleset, "/dev", full_access)?;
        for path in &config.allow_write {
            ruleset = add_path_rule(ruleset, path, full_access)?;
        }
    }

    ruleset
        .restrict_self()
        .map_err(|e| eyre!("failed to apply landlock restrictions: {e}"))?;

    Ok(())
}