chore: Enhance tmpfs security settings in Docker and service files

- Updated tmpfs mount options for /tmp in Docker Compose files to include noexec, nosuid, and nodev for improved security.
- Refactored sandbox execution commands to apply the new tmpfs settings consistently across service files.
- Introduced dynamic handling of skill dependencies with updated mount options to enhance security and isolation.

Author: usnavy13

docker-compose.prod.yml

@@ -30,7 +30,7 @@ services:
       # to the mounted files inside the container under /app/ssl.
       - ${SSL_CERTS_PATH:-./ssl}:/app/ssl:ro
     tmpfs:
-      - /tmp:size=512m,mode=1777
+      - /tmp:size=512m,mode=1777,noexec,nosuid,nodev
       - /app/data:size=100m
     depends_on:
       redis:

docker-compose.yml

@@ -30,7 +30,7 @@ services:
       # to the mounted files inside the container under /app/ssl.
       - ${SSL_CERTS_PATH:-./ssl}:/app/ssl:ro
     tmpfs:
-      - /tmp:size=512m,mode=1777
+      - /tmp:size=512m,mode=1777,noexec,nosuid,nodev
       - /app/data:size=100m
     depends_on:
       redis:

src/services/programmatic.py

@@ -187,6 +187,8 @@ async def start_execution(
             )
 
             tmpfs_size = settings.sandbox_tmpfs_size_mb
+            noexec_tmpfs = "noexec,nosuid,nodev,"
+            deps_path = settings.skill_deps_path
 
             wrapper_cmd = (
                 f"mount --bind {shlex.quote(str(sandbox_info.data_dir))} /mnt/data && "
@@ -197,8 +199,17 @@ async def start_execution(
                 f"mount -t tmpfs -o size=1k tmpfs /app/dashboard && "
                 f"mount -t tmpfs -o size=1k tmpfs /app/src && "
                 f"mount --bind /var/lib/code-interpreter/empty_proc /proc && "
-                # BUG-007: Ephemeral /tmp — prevent cross-session data persistence
-                f"mount -t tmpfs -o size={tmpfs_size}m,mode=1777 tmpfs /tmp && "
+                # BUG-007: Ephemeral /tmp with noexec,nosuid,nodev
+                f"mount -t tmpfs -o {noexec_tmpfs}size={tmpfs_size}m,mode=1777 tmpfs /tmp && "
+                # BUG-008: Lock down other writable paths
+                f"mount -t tmpfs -o {noexec_tmpfs}size=1m,mode=1777 tmpfs /var/tmp && "
+                f"mount -t tmpfs -o {noexec_tmpfs}size=1m,mode=1777 tmpfs /run/lock && "
+                f"mount -t tmpfs -o {noexec_tmpfs}size=1m,mode=1733 tmpfs /var/lib/php/sessions && "
+                # BUG-008: skill-deps nosuid,nodev (not noexec — installed CLIs need exec)
+                f"(test -d {shlex.quote(deps_path)} && "
+                f"mount --bind {shlex.quote(deps_path)} {shlex.quote(deps_path)} && "
+                f"mount -o remount,bind,nosuid,nodev {shlex.quote(deps_path)} "
+                f"|| true) && "
                 f"{nsjail_cmd}"
             )
 

src/services/sandbox/executor.py

@@ -108,6 +108,8 @@ async def execute_command(
                 )
 
             tmpfs_size = settings.sandbox_tmpfs_size_mb
+            noexec_tmpfs = "noexec,nosuid,nodev,"
+            deps_path = settings.skill_deps_path
 
             wrapper_cmd = (
                 # Bind sandbox dir to /mnt/data (before hiding sandboxes dir)
@@ -124,8 +126,17 @@ async def execute_command(
                 f"mount -t tmpfs -o size=1k tmpfs /app/src && "
                 # BUG-003: Hide /proc (except Java which needs /proc/self/exe)
                 f"{proc_mask}"
-                # BUG-007: Ephemeral /tmp — prevent cross-session data persistence
-                f"mount -t tmpfs -o size={tmpfs_size}m,mode=1777 tmpfs /tmp && "
+                # BUG-007: Ephemeral /tmp with noexec,nosuid,nodev
+                f"mount -t tmpfs -o {noexec_tmpfs}size={tmpfs_size}m,mode=1777 tmpfs /tmp && "
+                # BUG-008: Lock down other writable paths
+                f"mount -t tmpfs -o {noexec_tmpfs}size=1m,mode=1777 tmpfs /var/tmp && "
+                f"mount -t tmpfs -o {noexec_tmpfs}size=1m,mode=1777 tmpfs /run/lock && "
+                f"mount -t tmpfs -o {noexec_tmpfs}size=1m,mode=1733 tmpfs /var/lib/php/sessions && "
+                # BUG-008: skill-deps nosuid,nodev (not noexec — installed CLIs need exec)
+                f"(test -d {shlex.quote(deps_path)} && "
+                f"mount --bind {shlex.quote(deps_path)} {shlex.quote(deps_path)} && "
+                f"mount -o remount,bind,nosuid,nodev {shlex.quote(deps_path)} "
+                f"|| true) && "
                 # Execute nsjail
                 f"{nsjail_cmd}"
             )

src/services/sandbox/pool.py

@@ -391,6 +391,8 @@ async def _start_repl_process(
                 shlex.quote(str(a)) for a in [settings.nsjail_binary] + nsjail_args
             )
             tmpfs_size = settings.sandbox_tmpfs_size_mb
+            noexec_tmpfs = "noexec,nosuid,nodev,"
+            deps_path = settings.skill_deps_path
 
             wrapper_cmd = (
                 # Bind sandbox dir to /mnt/data (before hiding sandboxes dir)
@@ -407,8 +409,17 @@ async def _start_repl_process(
                 f"mount -t tmpfs -o size=1k tmpfs /app/src && "
                 # BUG-003: Hide /proc (REPL is Python-only, always safe to mask)
                 f"mount --bind /var/lib/code-interpreter/empty_proc /proc && "
-                # BUG-007: Ephemeral /tmp — prevent cross-session data persistence
-                f"mount -t tmpfs -o size={tmpfs_size}m,mode=1777 tmpfs /tmp && "
+                # BUG-007: Ephemeral /tmp with noexec,nosuid,nodev
+                f"mount -t tmpfs -o {noexec_tmpfs}size={tmpfs_size}m,mode=1777 tmpfs /tmp && "
+                # BUG-008: Lock down other writable paths
+                f"mount -t tmpfs -o {noexec_tmpfs}size=1m,mode=1777 tmpfs /var/tmp && "
+                f"mount -t tmpfs -o {noexec_tmpfs}size=1m,mode=1777 tmpfs /run/lock && "
+                f"mount -t tmpfs -o {noexec_tmpfs}size=1m,mode=1733 tmpfs /var/lib/php/sessions && "
+                # BUG-008: skill-deps nosuid,nodev (not noexec — installed CLIs need exec)
+                f"(test -d {shlex.quote(deps_path)} && "
+                f"mount --bind {shlex.quote(deps_path)} {shlex.quote(deps_path)} && "
+                f"mount -o remount,bind,nosuid,nodev {shlex.quote(deps_path)} "
+                f"|| true) && "
                 # Execute nsjail
                 f"{nsjail_cmd}"
             )