Module local_env

The real local-filesystem SessionEnv.

Tools run against a real directory on disk via tokio::fs + tokio::process. Confinement is fd-anchored: every read, write, search, and exec cwd is resolved off a single held root fd via openat per-component walks with O_NOFOLLOW + an authoritative fstat on the opened leaf fd. There is no canonicalize-then-contain step in any data path, so a symlink/hardlink swapped between the containment check and the operation cannot redirect a read (exfil) or a write/exec (data loss).

See SECURITY.md: this is not an OS-level sandbox (no chroot/landlock/UID separation). The fd-anchoring closes the TOCTOU class the path-based resolve() had; it does not turn this into a security boundary against a determined adversary until OS isolation lands.
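The fd-anchored walk described above, as an added illustration in C (the walk is plain POSIX syscalls, so it reads the same as the tokio::fs version); this is not the crate's own code, and `open_confined`, `demo_confinement` and the fixture paths are assumed names for this example:

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `rel` beneath the held directory fd `root_fd` without ever resolving a path
 * string from "/": each component is openat()ed relative to the previous fd with
 * O_NOFOLLOW (a symlink at any step fails with ELOOP), ".." is refused, and the leaf
 * fd is fstat()ed and must be a regular file. Returns the fd, or -1 with errno set. */
int open_confined(int root_fd, const char *rel, int leaf_flags) {
    if (!rel || !*rel || *rel == '/') { errno = EINVAL; return -1; }
    char buf[4096]; if (strlen(rel) >= sizeof buf) { errno = ENAMETOOLONG; return -1; }
    strcpy(buf, rel);
    int dir = dup(root_fd); if (dir < 0) return -1;   /* walk from our own copy of root */
    char *save = NULL, *comp = strtok_r(buf, "/", &save);
    while (comp) {
        char *next = strtok_r(NULL, "/", &save);
        if (!strcmp(comp, "..")) { close(dir); errno = EACCES; return -1; }
        int flags = next ? O_RDONLY | O_DIRECTORY : leaf_flags;
        int fd = openat(dir, comp, flags | O_NOFOLLOW | O_CLOEXEC, 0600);
        close(dir);
        if (fd < 0) return -1;                  /* ELOOP here: this component is a symlink */
        dir = fd; comp = next;
    }
    struct stat st;                             /* authoritative check on the opened fd */
    if (fstat(dir, &st) < 0 || !S_ISREG(st.st_mode)) { close(dir); errno = EACCES; return -1; }
    return dir;
}

/* Constructed fixture (hypothetical): a temp root holding a regular file and a symlink
 * pointing outside the root. Returns 1 iff the file opens while the symlink and a ".."
 * path are both refused. */
int demo_confinement(void) {
    char tmpl[] = "/tmp/confineXXXXXX";
    if (!mkdtemp(tmpl)) return 0;
    int root = open(tmpl, O_RDONLY | O_DIRECTORY | O_CLOEXEC), ok = 0;
    if (root >= 0 && mkdirat(root, "sub", 0700) == 0) {
        close(openat(root, "sub/note.txt", O_WRONLY | O_CREAT, 0600)); /* empty regular file */
        symlinkat("/outside-the-root", root, "sub/escape");
        int good = open_confined(root, "sub/note.txt", O_RDONLY);
        int bad = open_confined(root, "sub/escape", O_RDONLY), bad_errno = errno;
        int dots = open_confined(root, "sub/../sub/note.txt", O_RDONLY);
        ok = good >= 0 && bad < 0 && bad_errno == ELOOP && dots < 0;
        if (good >= 0) close(good);
        unlinkat(root, "sub/escape", 0); unlinkat(root, "sub/note.txt", 0); unlinkat(root, "sub", AT_REMOVEDIR);
    }
    if (root >= 0) close(root); rmdir(tmpl);
    return ok;
}
```

Because every intermediate directory is held as an fd, swapping a component for a symlink after the walk has passed it cannot redirect the leaf open; the rejection happens on the fd itself, not on a string that was checked earlier.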

Structs

LocalSessionEnv
A SessionEnv backed by a real local directory.