MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-04-21 18:44:30 -07:00
Code Issues Packages Projects Releases Wiki Activity

fix(core): implement __read and __write commands in sandbox managers (#24283)

Browse Source
This commit is contained in:
Gal Zahavi
2026-03-31 12:39:51 -07:00
committed by GitHub
parent 7e117ac0ac
commit 554a5a36a3
7 changed files with 112 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/core/src/sandbox/linux/LinuxSandboxManager.test.ts
+2 -2
View File
@@ -317,7 +317,7 @@ describe('LinuxSandboxManager', () => {
);
});
it('should not grant read-write access to allowedPaths inside the workspace when readonly mode is active', async () => {
it('should grant read-write access to allowedPaths inside the workspace even when readonly mode is active', async () => {
const manager = new LinuxSandboxManager({
workspace,
modeConfig: { readonly: true },
@@ -333,7 +333,7 @@ describe('LinuxSandboxManager', () => {
});
const bwrapArgs = result.args;
const bindIndex = bwrapArgs.indexOf(workspace + '/subdirectory');
expect(bwrapArgs[bindIndex - 1]).toBe('--ro-bind-try');
expect(bwrapArgs[bindIndex - 1]).toBe('--bind-try');
});
it('should not bind the workspace twice even if it has a trailing slash in allowedPaths', async () => {
packages/core/src/sandbox/linux/LinuxSandboxManager.ts
+10 -9
View File
@@ -40,6 +40,7 @@ import {
isDangerousCommand,
} from '../utils/commandSafety.js';
import { parsePosixSandboxDenials } from '../utils/sandboxDenialUtils.js';
import { handleReadWriteCommands } from '../utils/sandboxReadWriteUtils.js';
let cachedBpfPath: string | undefined;
@@ -211,6 +212,13 @@ export class LinuxSandboxManager implements SandboxManager {
false,
};
const { command: finalCommand, args: finalArgs } = handleReadWriteCommands(
req,
mergedAdditional,
this.options.workspace,
req.policy?.allowedPaths,
);
const sanitizationConfig = getSecureSanitizationConfig(
req.policy?.sanitizationConfig,
);
@@ -279,14 +287,7 @@ export class LinuxSandboxManager implements SandboxManager {
if (!fs.existsSync(resolved)) continue;
const normalizedAllowedPath = normalize(resolved).replace(/\/$/, '');
if (normalizedAllowedPath !== normalizedWorkspace) {
if (
!workspaceWrite &&
normalizedAllowedPath.startsWith(normalizedWorkspace + '/')
) {
bwrapArgs.push('--ro-bind-try', resolved, resolved);
} else {
bwrapArgs.push('--bind-try', resolved, resolved);
}
bwrapArgs.push('--bind-try', resolved, resolved);
}
}
@@ -362,7 +363,7 @@ export class LinuxSandboxManager implements SandboxManager {
const bpfPath = getSeccompBpfPath();
bwrapArgs.push('--seccomp', '9');
bwrapArgs.push('--', req.command, ...req.args);
bwrapArgs.push('--', finalCommand, ...finalArgs);
const shArgs = [
'-c',