Linux sandbox seccomp (#22815)

Co-authored-by: Gal Zahavi <38544478+galz10@users.noreply.github.com>
2026-05-12 12:54:07 -07:00 · 2026-03-17 20:29:13 +00:00
parent 82d8680dcc
commit 2f90b46537
3 changed files with 99 additions and 11 deletions
@@ -22,8 +22,16 @@ describe('LinuxSandboxManager', () => {

    const result = await manager.prepareCommand(req);

-    expect(result.program).toBe('bwrap');
-    expect(result.args).toEqual([
+    expect(result.program).toBe('sh');
+    expect(result.args[0]).toBe('-c');
+    expect(result.args[1]).toBe(
+      'bpf_path="$1"; shift; exec bwrap "$@" 9< "$bpf_path"',
+    );
+    expect(result.args[2]).toBe('_');
+    expect(result.args[3]).toMatch(/gemini-cli-seccomp-.*\.bpf$/);
+
+    const bwrapArgs = result.args.slice(4);
+    expect(bwrapArgs).toEqual([
      '--unshare-all',
      '--new-session',
      '--die-with-parent',
@@ -39,6 +47,8 @@ describe('LinuxSandboxManager', () => {
      '--bind',
      workspace,
      workspace,
+      '--seccomp',
+      '9',
      '--',
      'ls',
      '-la',
@@ -59,8 +69,16 @@ describe('LinuxSandboxManager', () => {

    const result = await manager.prepareCommand(req);

-    expect(result.program).toBe('bwrap');
-    expect(result.args).toEqual([
+    expect(result.program).toBe('sh');
+    expect(result.args[0]).toBe('-c');
+    expect(result.args[1]).toBe(
+      'bpf_path="$1"; shift; exec bwrap "$@" 9< "$bpf_path"',
+    );
+    expect(result.args[2]).toBe('_');
+    expect(result.args[3]).toMatch(/gemini-cli-seccomp-.*\.bpf$/);
+
+    const bwrapArgs = result.args.slice(4);
+    expect(bwrapArgs).toEqual([
      '--unshare-all',
      '--new-session',
      '--die-with-parent',
@@ -82,6 +100,8 @@ describe('LinuxSandboxManager', () => {
      '--bind',
      '/opt/tools',
      '/opt/tools',
+      '--seccomp',
+      '9',
      '--',
      'node',
      'script.js',