Skip to content

fix(sidecar): never tree-sync a host root of "/" into the kernel#251

Merged
NathanFlurry merged 1 commit into
mainfrom
stack/fix-sidecar-never-tree-sync-a-host-root-of-into-the-kernel-qkypkvos
Jul 3, 2026
Merged

fix(sidecar): never tree-sync a host root of "/" into the kernel#251
NathanFlurry merged 1 commit into
mainfrom
stack/fix-sidecar-never-tree-sync-a-host-root-of-into-the-kernel-qkypkvos

Conversation

@NathanFlurry

Copy link
Copy Markdown
Member

A tracked process whose host cwd is the filesystem root (the
ActiveProcess::new default when a test or embedder registers a process
without setting it) made the host-write sync walk the ENTIRE host
filesystem into the kernel VFS until the size/inode caps fired. No
sanctioned flow shadows the host root wholesale — host access is scoped
through mounts — so skip that walk with a warning.

A tracked process whose host cwd is the filesystem root (the
ActiveProcess::new default when a test or embedder registers a process
without setting it) made the host-write sync walk the ENTIRE host
filesystem into the kernel VFS until the size/inode caps fired. No
sanctioned flow shadows the host root wholesale — host access is scoped
through mounts — so skip that walk with a warning.
@NathanFlurry

Copy link
Copy Markdown
Member Author

Stack for rivet-dev/secure-exec

Get stack: forklift get 251
Push local edits: forklift submit
Merge when ready: forklift merge 251

@railway-app railway-app Bot temporarily deployed to secure-exec / secure-exec-pr-251 July 3, 2026 05:40 Destroyed
@NathanFlurry NathanFlurry merged commit d21eb86 into main Jul 3, 2026
2 of 4 checks passed
@NathanFlurry NathanFlurry deleted the stack/fix-sidecar-never-tree-sync-a-host-root-of-into-the-kernel-qkypkvos branch July 3, 2026 05:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant