sandbox-core 0.2.1

Core types, errors, and capability detection for sandbox-rs
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194

//! Runtime detection of available system capabilities
//!
//! Probes the running kernel and system configuration to determine which
//! sandboxing features are available, allowing graceful degradation.

use std::path::Path;

/// Detected system capabilities for sandboxing
#[derive(Debug, Clone)]
pub struct SystemCapabilities {
    /// Running as root (euid == 0)
    pub has_root: bool,
    /// Unprivileged user namespaces are available
    pub has_user_namespaces: bool,
    /// Seccomp BPF filtering is available
    pub has_seccomp: bool,
    /// Landlock LSM is available (Linux 5.13+)
    pub has_landlock: bool,
    /// Cgroup v2 unified hierarchy is mounted
    pub has_cgroup_v2: bool,
    /// Cgroup delegation is available for current user
    pub has_cgroup_delegation: bool,
}

impl SystemCapabilities {
    /// Detect all available capabilities on the current system
    pub fn detect() -> Self {
        Self {
            has_root: detect_root(),
            has_user_namespaces: detect_user_namespaces(),
            has_seccomp: detect_seccomp(),
            has_landlock: detect_landlock(),
            has_cgroup_v2: detect_cgroup_v2(),
            has_cgroup_delegation: detect_cgroup_delegation(),
        }
    }

    /// Check if unprivileged sandboxing is possible (without root)
    pub fn can_sandbox_unprivileged(&self) -> bool {
        // At minimum we need seccomp (always available on modern kernels)
        // User namespaces and landlock are bonuses
        self.has_seccomp
    }

    /// Check if full privileged sandboxing is possible
    pub fn can_sandbox_privileged(&self) -> bool {
        self.has_root && self.has_cgroup_v2
    }

    /// Get a human-readable summary of capabilities
    pub fn summary(&self) -> String {
        let mut lines = Vec::new();
        let check = |available: bool| if available { "[ok]" } else { "[--]" };

        lines.push(format!("{} Root privileges", check(self.has_root)));
        lines.push(format!(
            "{} User namespaces",
            check(self.has_user_namespaces)
        ));
        lines.push(format!("{} Seccomp BPF", check(self.has_seccomp)));
        lines.push(format!("{} Landlock LSM", check(self.has_landlock)));
        lines.push(format!("{} Cgroup v2", check(self.has_cgroup_v2)));
        lines.push(format!(
            "{} Cgroup delegation",
            check(self.has_cgroup_delegation)
        ));

        lines.join("\n")
    }
}

fn detect_root() -> bool {
    unsafe { libc::geteuid() == 0 }
}

fn detect_user_namespaces() -> bool {
    // Check if unprivileged user namespaces are enabled
    if let Ok(content) = std::fs::read_to_string("/proc/sys/kernel/unprivileged_userns_clone")
        && content.trim() == "0"
    {
        return false;
    }

    // Also check max_user_namespaces > 0
    if let Ok(content) = std::fs::read_to_string("/proc/sys/user/max_user_namespaces")
        && let Ok(max) = content.trim().parse::<u64>()
    {
        return max > 0;
    }

    // If we can't read the files, assume available on modern kernels
    true
}

fn detect_seccomp() -> bool {
    // Check if seccomp is available via prctl
    let ret = unsafe { libc::prctl(libc::PR_GET_SECCOMP, 0, 0, 0, 0) };
    // Returns 0 if seccomp mode is disabled (available but not active)
    // Returns -1 with EINVAL if seccomp is not built into kernel
    ret >= 0
}

fn detect_landlock() -> bool {
    // Use LANDLOCK_CREATE_RULESET_VERSION to query ABI version.
    // With flags=1 and NULL attrs, this returns the highest supported
    // ABI version (an integer >= 1), NOT a file descriptor.
    let ret = unsafe {
        libc::syscall(
            libc::SYS_landlock_create_ruleset,
            std::ptr::null::<libc::c_void>(),
            0usize,
            1u32, // LANDLOCK_CREATE_RULESET_VERSION
        )
    };

    if ret >= 0 {
        // ret is the ABI version number, not a fd — do NOT close it
        return true;
    }

    // ENOSYS means landlock syscall doesn't exist
    let errno = std::io::Error::last_os_error().raw_os_error().unwrap_or(0);
    errno != libc::ENOSYS
}

fn detect_cgroup_v2() -> bool {
    Path::new("/sys/fs/cgroup/cgroup.controllers").exists()
}

fn detect_cgroup_delegation() -> bool {
    // Check if current user has a delegated cgroup slice
    let uid = unsafe { libc::geteuid() };
    if uid == 0 {
        return true; // root always has access
    }

    let user_slice = format!("/sys/fs/cgroup/user.slice/user-{}.slice", uid);
    let path = Path::new(&user_slice);

    if !path.exists() {
        return false;
    }

    // Check if we can write to the cgroup directory
    let test_path = path.join("sandbox-test-probe");
    match std::fs::create_dir(&test_path) {
        Ok(()) => {
            let _ = std::fs::remove_dir(&test_path);
            true
        }
        Err(_) => false,
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn detect_returns_valid_capabilities() {
        let caps = SystemCapabilities::detect();
        // Just verify detection doesn't panic
        let _ = caps.has_root;
        let _ = caps.has_seccomp;
        let _ = caps.has_user_namespaces;
        let _ = caps.has_landlock;
        let _ = caps.has_cgroup_v2;
        let _ = caps.has_cgroup_delegation;
    }

    #[test]
    fn summary_produces_output() {
        let caps = SystemCapabilities::detect();
        let summary = caps.summary();
        assert!(!summary.is_empty());
        assert!(summary.contains("Root privileges"));
        assert!(summary.contains("Seccomp BPF"));
    }

    #[test]
    fn seccomp_detection_works() {
        // On any modern Linux kernel, seccomp should be available
        let has = detect_seccomp();
        // We can't assert true universally, but it shouldn't panic
        let _ = has;
    }

    #[test]
    fn root_detection_matches_euid() {
        let detected = detect_root();
        let actual = unsafe { libc::geteuid() == 0 };
        assert_eq!(detected, actual);
    }
}