Allow configuring sandbox option casd-socket #1945

Closed
nanonyme wants to merge 1 commit into apache:master from nanonyme:nanonyme/casd-socket

@nanonyme nanonyme commented Aug 7, 2024

Contributor

This declares the path in the sandbox where the casd socket will be mounted. Continuation of #1772

This declares path in sandbox where casd socket will be mounted to
@juergbi

juergbi commented Aug 8, 2024

Contributor

Exposing the unfiltered buildbox-casd socket would result in exposing access to the host filesystem via the LocalCAS protocol.

An option that may be safe (to be reviewed) would be to change the instance name to a random token, generated in each BuildStream session, and then use GetInstanceNameForNamespace() to create a second instance that is then exposed to the sandbox.

Ideally, REAPI upstream would define a standard way how REAPI access can be exposed to the action command. This shouldn't be buildbox-casd-specific and should also be supported with remote execution. Maybe configured by platform property.

@abderrahim

Contributor

> use GetInstanceNameForNamespace() to create a second instance that is then exposed to the sandbox.

I'm not sure how this works: does it create a "sandboxed" instance somehow or is it just to have the LocalCas methods apply on the sandbox instead of the host?


But this indeed needs to put some thoughts on what exactly we want to provide to the sandboxes: just CAS? CAS and action cache? Do we need remote asset too? (We need to at least restrict what can be requested from remote asset.) How about remote execution? Maybe not by default, but it's probably what would give the most performance benefit. How about LocalCAS? Do we need to restrict that?

@juergbi

juergbi commented Aug 10, 2024

Contributor

> I'm not sure how this works: does it create a "sandboxed" instance somehow or is it just to have the LocalCas methods apply on the sandbox instead of the host?

That's kind of the same thing, isn't it? Is there a particular difference between the two options that needs to be clarified? As mentioned, we should review the code to make sure it's sufficiently sandboxed, though.

> just CAS? CAS and action cache? do we need remote asset too?

Yes, we certainly need to give this some more thought.

@abderrahim

Contributor

> That's kind of the same thing, isn't it? Is there a particular difference between the two options that needs to be clarified?

I meant is access to the CAS somehow sandboxed? (from your answer I guess it's not). Not that I think it should be, I just wanted clarification.

else:
stdin = subprocess.DEVNULL

if "casd-socket" in self.__config:
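
Review bot: the `self.__config` lookup on the last line of this snippet uses a double-underscore attribute, which Python rewrites to `_<ClassName>__config` using the name of the class the code is written in. If this method is defined in a subclass of the class that assigns `__config`, the lookup targets an attribute that was never set and raises AttributeError as soon as the branch is reached. Read the option through a non-mangled accessor or property on the class that owns the config. The condition also only checks that the key is present, so the value that ends up as the mount path inside the sandbox is not validated at this point.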

@abderrahim abderrahim Oct 22, 2024

Contributor

This is probably a mistake: self.__config doesn't seem to exist here.

Contributor Author

Hmm, is it the name mangling? self.__config belongs to the grandparent of this class, Sandbox.

Contributor

Yeah, anything that starts with two underscores is private to a class (and Python enforces it).
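
The name-mangling behaviour discussed in this review thread, as an added example that is not code from the PR or from BuildStream. Only the class name `Sandbox` and the `casd-socket` key come from the page; `MiddleSandbox`, `GrandchildSandbox`, `_get_config_option` and the socket path are hypothetical.

```python
class Sandbox:
    """Stand-in for the base class that owns the private config (constructed)."""

    def __init__(self, config):
        # Written inside Sandbox, so this is stored as `_Sandbox__config`.
        self.__config = config

    def _get_config_option(self, key, default=None):
        # Hypothetical accessor: a single leading underscore is not mangled,
        # so subclasses can call it while the dict itself stays private.
        return self.__config.get(key, default)


class MiddleSandbox(Sandbox):
    """Hypothetical intermediate class, making Sandbox the grandparent below."""


class GrandchildSandbox(MiddleSandbox):
    def socket_path_broken(self):
        # Written inside GrandchildSandbox, `self.__config` compiles to
        # `self._GrandchildSandbox__config`, which nothing ever assigned.
        if "casd-socket" in self.__config:
            return self.__config["casd-socket"]
        return None

    def socket_path_fixed(self):
        # Goes through the owning class instead of its mangled attribute.
        return self._get_config_option("casd-socket")


def demo():
    # Constructed sample value; not a path taken from the PR.
    sandbox = GrandchildSandbox({"casd-socket": "/run/casd.sock"})
    try:
        sandbox.socket_path_broken()
        broken = "no error"
    except AttributeError as exc:
        broken = str(exc)
    # vars() shows the only attribute that actually exists on the instance.
    return broken, sandbox.socket_path_fixed(), sorted(vars(sandbox))


if __name__ == "__main__":
    for item in demo():
        print(item)
```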

@gtristan

Contributor

Is it fair to say that #2014, which appears more complete, although in draft state, replaces this?

@juergbi

juergbi commented Jun 2, 2025

Contributor

Yes, #2014 replaces this PR.

@juergbi juergbi closed this Jun 2, 2025
@nanonyme nanonyme deleted the nanonyme/casd-socket branch June 2, 2025 16:50