Skip to content

Commit a29cf17

Browse files
authored
Merge pull request #9 from fullzer4/release/0.1.1
Release v0.1.1
2 parents e276714 + dcd6671 commit a29cf17

44 files changed

Lines changed: 2378 additions & 1669 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.cargo/config.toml

Lines changed: 0 additions & 13 deletions
This file was deleted.

.github/workflows/ci.yml

Lines changed: 41 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -6,53 +6,59 @@ on:
66
pull_request:
77
branches: [main]
88

9-
env:
10-
CARGO_TERM_COLOR: always
11-
RUSTFLAGS: -Dwarnings
9+
concurrency:
10+
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
11+
cancel-in-progress: true
1212

1313
jobs:
14-
fmt:
15-
name: Format
14+
nix-checks:
15+
name: Nix Checks
1616
runs-on: ubuntu-latest
17+
permissions:
18+
id-token: write
19+
contents: read
1720
steps:
1821
- uses: actions/checkout@v4
19-
- run: rustup component add rustfmt
20-
- run: cargo fmt --all --check
22+
- uses: DeterminateSystems/determinate-nix-action@v3
23+
- uses: DeterminateSystems/magic-nix-cache-action@main
24+
- name: Run checks (clippy, fmt, test, doc)
25+
run: nix flake check -L
2126

22-
clippy:
23-
name: Clippy
24-
runs-on: ubuntu-latest
25-
steps:
26-
- uses: actions/checkout@v4
27-
- run: rustup component add clippy
28-
- uses: Swatinem/rust-cache@v2
29-
- run: cargo clippy --all-targets --all-features
30-
31-
doc:
32-
name: Documentation
33-
runs-on: ubuntu-latest
34-
env:
35-
RUSTDOCFLAGS: -Dwarnings
36-
steps:
37-
- uses: actions/checkout@v4
38-
- uses: Swatinem/rust-cache@v2
39-
- run: cargo doc --no-deps --all-features
40-
41-
unit-tests:
42-
name: Unit Tests
43-
runs-on: ubuntu-latest
44-
steps:
45-
- uses: actions/checkout@v4
46-
- uses: Swatinem/rust-cache@v2
47-
- run: cargo test --lib --all-features
27+
# E2E security tests require kernel 6.12+ (Landlock ABI v5).
28+
# GHA ubuntu-latest currently ships 6.11; image 20260209 has 6.14 but hasn't propagated yet.
29+
# Uncomment when runners get kernel 6.12+.
30+
#
31+
# e2e:
32+
# name: E2E (${{ matrix.distro }})
33+
# runs-on: ubuntu-latest
34+
# needs: nix-checks
35+
# permissions:
36+
# id-token: write
37+
# contents: read
38+
# strategy:
39+
# fail-fast: false
40+
# matrix:
41+
# distro: [ubuntu:24.04, fedora:41, alpine:3.21]
42+
# steps:
43+
# - uses: actions/checkout@v4
44+
# - uses: DeterminateSystems/determinate-nix-action@v3
45+
# - uses: DeterminateSystems/magic-nix-cache-action@main
46+
# - name: Build security test binary
47+
# run: nix build -L .#security-test-bin
48+
# - name: Run security tests in ${{ matrix.distro }}
49+
# run: |
50+
# TEST_BIN=$(realpath result/bin/security_tests-*)
51+
# docker run --rm --privileged \
52+
# -v /nix/store:/nix/store:ro \
53+
# ${{ matrix.distro }} \
54+
# "$TEST_BIN" --ignored --test-threads=1
4855

4956
semver-check:
5057
name: SemVer Check
5158
runs-on: ubuntu-latest
5259
steps:
5360
- uses: actions/checkout@v4
5461
- uses: Swatinem/rust-cache@v2
55-
- name: Check semver
56-
uses: obi1kenobi/cargo-semver-checks-action@v2
62+
- uses: obi1kenobi/cargo-semver-checks-action@v2
5763
with:
5864
package: evalbox

.gitignore

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,6 @@
11
.direnv
22
target/
3-
bindings/
3+
bindings/
4+
5+
# Local cargo config
6+
.cargo/

CHANGELOG.md

Lines changed: 37 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,40 @@ All notable changes to this project will be documented in this file.
55
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
66
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
77

8+
## [0.1.1] - 2026-02-22
9+
10+
### Changed
11+
12+
- **Architecture: remove namespace isolation, use Landlock v5 as primary**
13+
- Removed user, PID, network, mount, UTS, and IPC namespaces
14+
- Removed `pivot_root` and bind mount rootfs setup
15+
- Landlock v5 replaces namespaces for filesystem, network, signal, and IPC control
16+
- Plain `fork()` instead of `clone()` with `CLONE_NEW*` flags
17+
- Minimum kernel raised from 5.13 to 6.12 (Landlock ABI 5)
18+
19+
- **Resource limits moved to dedicated module** (`isolation/rlimits.rs`)
20+
- `RLIMIT_DATA` (256 MiB) instead of `RLIMIT_AS` (breaks Go/Java/V8 runtimes)
21+
- Added `RLIMIT_CPU`, `RLIMIT_CORE`, `RLIMIT_STACK`
22+
23+
- **Nix flake migrated to flake-parts + import-tree**
24+
- Auto-discovery of modules via `import-tree ./nix`
25+
- Removed manual `forAllSystems` boilerplate
26+
- Restricted to `x86_64-linux` (arm not yet supported)
27+
28+
### Added
29+
30+
- Seccomp user notify support (`SECCOMP_RET_USER_NOTIF`) for optional syscall interception
31+
- `nix run .#test-all` to run the full security test suite
32+
- `SECURITY.md` — GitHub standard vulnerability reporting policy
33+
- `CONTRIBUTING.md` — development setup, testing guide
34+
- Security hardening roadmap (UDP filtering, /proc restriction, optional PID namespace)
35+
36+
### Removed
37+
38+
- `crates/evalbox-sandbox/src/isolation/namespace.rs` — namespace setup
39+
- `crates/evalbox-sandbox/src/isolation/rootfs.rs` — pivot_root + bind mounts
40+
- `nix/lib.nix`, `nix/checks.nix`, `nix/tests/` — replaced by flake-parts modules
41+
842
## [0.1.0] - 2025-02-17
943

1044
### Added
@@ -19,14 +53,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
1953
- Go runtime with compilation caching
2054
- Shell runtime for script execution
2155

22-
- **Security isolation** (7 layers of defense)
23-
- User namespaces (unprivileged containers)
24-
- PID namespace (process isolation)
25-
- Network namespace (network isolation)
26-
- Mount namespace + pivot_root (filesystem isolation)
27-
- Landlock LSM (kernel-enforced filesystem rules)
56+
- **Security isolation**
57+
- Landlock v5 (filesystem, network, signal, IPC access control)
2858
- Seccomp BPF (syscall whitelist with ~100 allowed syscalls)
2959
- Resource limits (memory, PIDs, file descriptors, timeout)
60+
- Privilege hardening (NO_NEW_PRIVS, securebits, capability drop)
3061

3162
- **Seccomp filtering**
3263
- Whitelist-based syscall filter

CONTRIBUTING.md

Lines changed: 80 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,80 @@
1+
# Contributing
2+
3+
## Development Setup
4+
5+
evalbox uses Nix for a reproducible dev environment:
6+
7+
```bash
8+
nix develop
9+
```
10+
11+
This provides the Rust toolchain, GCC (for test payloads), Python, and Go.
12+
13+
## Building
14+
15+
```bash
16+
cargo build
17+
```
18+
19+
## Testing
20+
21+
### Fast checks (CI)
22+
23+
```bash
24+
# Runs via nix: clippy, fmt, unit tests, docs
25+
nix flake check
26+
```
27+
28+
Or manually:
29+
30+
```bash
31+
cargo clippy --all-targets -- -D warnings
32+
cargo fmt --check
33+
cargo test --lib
34+
cargo doc --no-deps
35+
```
36+
37+
### Full test suite (requires user namespaces)
38+
39+
```bash
40+
nix run .#test-all
41+
```
42+
43+
Or manually:
44+
45+
```bash
46+
cargo build -p evalbox-sandbox
47+
cargo test -p evalbox-sandbox --test security_tests --ignored -- --test-threads=1
48+
```
49+
50+
The security tests require Linux with user namespaces enabled. They compile C payloads that attempt real exploit techniques (CVEs, syscall abuse, escape vectors) and verify the sandbox blocks them.
51+
52+
### Running specific test categories
53+
54+
```bash
55+
cargo test -p evalbox-sandbox --test security_tests seccomp -- --ignored
56+
cargo test -p evalbox-sandbox --test security_tests filesystem -- --ignored
57+
cargo test -p evalbox-sandbox --test security_tests network -- --ignored
58+
cargo test -p evalbox-sandbox --test security_tests cve -- --ignored
59+
cargo test -p evalbox-sandbox --test security_tests resources -- --ignored
60+
```
61+
62+
## Project Structure
63+
64+
```
65+
evalbox/ # Public API, language runtimes
66+
evalbox-sandbox/ # Sandbox orchestration, isolation
67+
evalbox-sys/ # Low-level Linux syscall wrappers
68+
```
69+
70+
See [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md) for details.
71+
72+
## Pull Requests
73+
74+
- Run `nix flake check` before submitting
75+
- Security-related changes should include tests in `crates/evalbox-sandbox/tests/security/`
76+
- Keep the seccomp whitelist minimal: don't add syscalls without justification
77+
78+
## Security
79+
80+
Found a vulnerability? See [SECURITY.md](SECURITY.md) for reporting instructions.

Cargo.lock

Lines changed: 2 additions & 20 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Cargo.toml

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,9 @@ members = [
66
"crates/evalbox-sandbox",
77
]
88

9+
[workspace.metadata.crane]
10+
name = "evalbox"
11+
912
[workspace.package]
1013
version = "0.1.1"
1114
edition = "2024"
@@ -30,7 +33,7 @@ rustix = { version = "1", features = ["event", "process", "system", "mount", "fs
3033
thiserror = "2"
3134
tempfile = "3"
3235
mio = { version = "1.0", features = ["os-poll", "os-ext"] }
33-
which = "7"
36+
which = "8"
3437

3538
[workspace.lints.rust]
3639
unsafe_op_in_unsafe_fn = "warn"
@@ -39,7 +42,6 @@ unused_must_use = "warn"
3942

4043
[workspace.lints.clippy]
4144
all = { level = "warn", priority = -1 }
42-
# Useful pedantic lints (not all)
4345
cast_possible_truncation = "warn"
4446
cast_sign_loss = "warn"
4547
cloned_instead_of_copied = "warn"

README.md

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ Execute code like `eval()`, but safe. No containers, no VMs, no root.
1212
- **Simple** - One function call, security handled for you
1313
- **Multi-language** - Python, Go, and shell/terminal commands
1414
- **Fast** - Millisecond startup, no containers or VMs
15-
- **Secure** - 7 layers of isolation (namespaces, Landlock, seccomp, rlimits)
15+
- **Secure** - Landlock v5 + seccomp-BPF + rlimits, no namespaces needed
1616

1717
## Quick Start
1818

@@ -38,8 +38,8 @@ let output = shell::run("curl https://example.com")
3838

3939
## Requirements
4040

41-
- Linux kernel 5.13+ (Landlock ABI 1+)
42-
- User namespaces enabled
41+
- Linux kernel 6.12+ (Landlock ABI 5)
42+
- Seccomp enabled
4343

4444
## Installation
4545

@@ -50,15 +50,16 @@ evalbox = { version = "0.1", features = ["python", "go", "shell"] }
5050

5151
## Security
5252

53-
7 layers of isolation: user namespaces, PID namespace, network namespace, mount namespace + pivot_root, Landlock LSM, seccomp BPF, rlimits.
53+
Isolation via Landlock v5 (filesystem + network + signal + IPC scoping), seccomp-BPF (syscall whitelist), rlimits, privilege hardening (NO_NEW_PRIVS, securebits, capability drop).
5454

55-
See [SECURITY.md](docs/SECURITY.md) for threat model and CVE protections.
55+
See [Security Model](docs/SECURITY_MODEL.md) for threat model and CVE protections.
5656

5757
## Documentation
5858

5959
- [Architecture](docs/ARCHITECTURE.md)
60-
- [Security Model](docs/SECURITY.md)
60+
- [Security Model](docs/SECURITY_MODEL.md)
6161
- [Roadmap](docs/ROADMAP.md)
62+
- [Contributing](CONTRIBUTING.md)
6263

6364
## License
6465

0 commit comments

Comments
 (0)