
feat: add NixOS support#93

Merged
tito merged 2 commits into GreyhavenHQ:main from Filirom1:feat/nixos-support on Jun 1, 2026

Conversation

@Filirom1
Contributor

@Filirom1 Filirom1 commented May 19, 2026

Problem

On NixOS, executables live under /nix/store and PATH entries such as /run/current-system/sw/bin are symlink chains into the store. Inside the bwrap sandbox, /run is replaced with a tmpfs, so those symlinks become dangling — tools cannot be found and the sandbox fails.

Additionally, the network namespace probe hardcoded /bin/true which does not exist on NixOS, causing greywall check to falsely report ✗ network isolation.

Fixes #81. Related to #22.

Changes

  • linux_features.go: resolve true from PATH instead of hardcoding /bin/true so the network namespace probe works on NixOS and any distro without /bin/true.
  • linux.go: mount /nix read-only (like /usr, /opt); resolve shell and sleep paths through resolveToolPath so the directory component points into /nix/store rather than the hidden /run/current-system/sw/bin.
  • linux_landlock.go: add /nix to Landlock read-allowed paths.
  • sanitize.go: rewrite PATH entries through symlinks before passing them into the sandbox, so the sandbox PATH is consistent with what is actually mounted.

Tests

On NixOS:

$ cat /etc/os-release |grep PRETTY
PRETTY_NAME="NixOS 25.11 (Xantusia)"

Before

$ greywall --linux-features
Linux Sandbox Features:
  Kernel: 6.6
  Bubblewrap (bwrap): true
  Socat: true
  Network namespace (--unshare-net): false
  Seccomp: true (log level: 2)
  Landlock: true (ABI v3)
  eBPF: false (CAP_BPF: false, root: false)
  ip (iproute2): true
  /dev/net/tun: true
  tun2socks: true (embedded)

Feature Status:
  ✓ Minimum requirements met (bwrap + socat)
  ⚠ Network namespace unavailable (containerized environment?)
    Sandbox will still work but with reduced network isolation.
    This is common in Docker, GitHub Actions, and other CI systems.
  ○ Transparent proxy not available (needs ip, /dev/net/tun, network namespace)
  ✓ Landlock available for enhanced filesystem control
  ✓ Violation monitoring available
  ○ eBPF monitoring not available (needs CAP_BPF or root)

$ greywall -- claude -p '1+1'
bwrap: execvp /nix/store/lfbzxs5wyqd2122mpbj5azkxhxspw9cd-bash-interactive-5.3p3/bin/bash: No such file or directory

After

$ greywall --linux-features
Linux Sandbox Features:
  Kernel: 6.6
  Bubblewrap (bwrap): true
  Socat: true
  Network namespace (--unshare-net): true
  Seccomp: true (log level: 2)
  Landlock: true (ABI v3)
  eBPF: false (CAP_BPF: false, root: false)
  ip (iproute2): true
  /dev/net/tun: true
  tun2socks: true (embedded)

Feature Status:
  ✓ Minimum requirements met (bwrap + socat)
  ✓ Network namespace isolation available
  ✓ Transparent proxy available (tun2socks + TUN device)
  ✓ Landlock available for enhanced filesystem control
  ✓ Violation monitoring available
  ○ eBPF monitoring not available (needs CAP_BPF or root)

$ greywall -- claude -p '1+1'
2
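An added example, not greywall's own code, showing the two path fixes the description above relies on: resolving only the directory component of a tool path through its symlink chain (so a coreutils applet keeps its argv[0] name), and rewriting PATH entries to their real, deduplicated locations before they reach the sandbox. It also builds the read-only bind arguments for /nix alongside /usr and /opt, and probes for `true` via PATH rather than /bin/true. Function names, the sample inputs and the bwrap argument layout are assumptions for illustration.

```go
// Added example (not greywall's own code): the NixOS path fixes the PR
// describes, written as stand-alone helpers. Function names are assumed.
package main

import (
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"strings"
)

// ResolveToolDir resolves only the directory component of a tool path
// through its symlink chain and keeps the basename as given. On NixOS
// /run/current-system/sw/bin/sleep becomes /nix/store/<hash>-coreutils/bin/sleep,
// which is reachable once /nix is mounted, while argv[0] still reads "sleep",
// so a multi-call binary dispatches to the right applet.
func ResolveToolDir(toolPath string) (string, error) {
	dir, base := filepath.Split(toolPath)
	realDir, err := filepath.EvalSymlinks(filepath.Clean(dir))
	if err != nil {
		return "", fmt.Errorf("resolve %q: %w", dir, err)
	}
	return filepath.Join(realDir, base), nil
}

// ResolvePathEntries rewrites each PATH entry to its real location and
// deduplicates the result, so the PATH handed into the sandbox only names
// directories that exist under the mounts. Entries that cannot be resolved
// on the host are dropped: they would be dangling inside the sandbox too.
func ResolvePathEntries(pathValue string) string {
	seen := make(map[string]bool)
	var out []string
	for _, entry := range filepath.SplitList(pathValue) {
		if entry == "" {
			continue
		}
		resolved, err := filepath.EvalSymlinks(entry)
		if err != nil {
			continue
		}
		if !seen[resolved] {
			seen[resolved] = true
			out = append(out, resolved)
		}
	}
	return strings.Join(out, string(os.PathListSeparator))
}

// ReadOnlyBindArgs returns bwrap --ro-bind arguments for the candidate
// directories that exist on the host, so /nix is exposed read-only next to
// /usr and /opt on NixOS and silently skipped on distros without it.
func ReadOnlyBindArgs(candidates []string) []string {
	var args []string
	for _, dir := range candidates {
		if st, err := os.Stat(dir); err == nil && st.IsDir() {
			args = append(args, "--ro-bind", dir, dir)
		}
	}
	return args
}

// LocateTrue finds "true" through PATH instead of assuming /bin/true exists,
// which is what the network namespace probe needs on NixOS.
func LocateTrue() (string, error) {
	return exec.LookPath("true")
}

func main() {
	fmt.Println("resolved PATH:", ResolvePathEntries(os.Getenv("PATH")))
	fmt.Println("ro-bind args:", ReadOnlyBindArgs([]string{"/usr", "/opt", "/nix"}))
	if p, err := LocateTrue(); err == nil {
		fmt.Println("true probe binary:", p)
	}
}
```

Resolving the whole tool path with EvalSymlinks would follow the applet symlink down to the multi-call `coreutils` binary and change argv[0], which is why only the directory part is resolved here.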

@Filirom1 Filirom1 marked this pull request as draft May 19, 2026 16:26
@Filirom1 Filirom1 marked this pull request as ready for review May 27, 2026 13:14
@Filirom1
Contributor Author

I used it for 1 week without any issue on NixOS.

@tito
Contributor

tito commented May 27, 2026

@Filirom1 Can you lint your PR to pass the test? I'll merge it.

@Filirom1 Filirom1 force-pushed the feat/nixos-support branch from 72dcf95 to b1b1db3 on June 1, 2026 11:59

On NixOS, executables live under /nix/store and PATH entries such as
/run/current-system/sw/bin are symlinks into the store. Inside the bwrap
sandbox /run is replaced with a tmpfs, so those symlinks become
dangling.

- Replaces the hardcoded /bin/true probe with exec.LookPath("true"), which
  works on NixOS and any distro that does not provide /bin/true.
- Mount /nix read-only in bwrap (like /usr, /opt) and add it to Landlock
  read paths so store binaries are reachable inside the sandbox.
- resolveToolPath: resolve the directory component of shell/sleep paths to
  their real /nix/store location while preserving the basename so
  multi-call binaries (coreutils) still dispatch via argv[0].
- resolvePathInEnv: rewrite PATH entries in the hardened env to their real
  paths and deduplicate, making the sandbox PATH consistent with what is
  actually mounted.
@Filirom1 Filirom1 force-pushed the feat/nixos-support branch from b1b1db3 to 09d725b on June 1, 2026 12:00
@Filirom1
Contributor Author

Filirom1 commented Jun 1, 2026

Sorry for the delay, it's all green now: https://github.com/Filirom1/greywall/actions/runs/26753963522

@tito tito merged commit 5581056 into GreyhavenHQ:main Jun 1, 2026
4 checks passed
@tito
Contributor

tito commented Jun 1, 2026

Thank you!
