nonameiguess 3 hours ago
This is more a criticism of codex's linux-sandboxing, which you're just wrapping, but it's the first I've ever looked at it. I don't see how it makes sense to invoke bwrap as a forked subprocess. Bubblewrap can't do anything beyond what you can do with unshare directly, which you can simply invoke as a system call without needing to spawn a subprocess or requiring the user to have bwrap installed. It kind of reeks of amateur hour when developers effectively just translate shell scripts into compiled languages by using whatever variant of "system" is available to make the same command invocations you would make through a shell, as opposed to actually using the system call API. Especially when the invocation is crafted from user input, there's a long history of exploits arising from stuff like this. Writing it in Rust does nothing for you when you're just using Rust to call a different CLI tool that isn't written in Rust.
simonw 2 hours ago
Is your criticism here that there's no point in invoking bwrap directly when you could instead implement the same things that bwrap implements? I'd much rather make a system call to bwrap than re-implement bwrap, because bwrap has already been extensively tested.
afshinmeh 3 hours ago
Thanks for sharing this. I read your comment multiple times. What would be the alternative though? It is true that the program being written in Rust doesn't solve the problem of spawning subprocesses, but what's the alternative in that case?
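The alternative nonameiguess describes and afshinmeh asks about, as an added example that is not from this thread or from the codex/bwrap code: a Rust program that enters fresh user and mount namespaces through unshare(2) declared via raw FFI (assumes Linux, no external crates, and a single-threaded caller), writes its own uid/gid mapping, and then runs the child with argv passed as discrete elements so user-supplied text never reaches a shell.

```rust
use std::ffi::c_int;
use std::fs;
use std::io;
use std::process::Command;

// Namespace flags from <linux/sched.h> (same values on every Linux arch).
pub const CLONE_NEWNS: c_int = 0x0002_0000;
pub const CLONE_NEWUSER: c_int = 0x1000_0000;

// Raw libc bindings so no external crate is needed (assumes Linux).
extern "C" {
    fn unshare(flags: c_int) -> c_int;
    fn getuid() -> u32;
    fn getgid() -> u32;
}

/// The namespaces an unprivileged bwrap-style sandbox creates.
pub fn sandbox_flags() -> c_int {
    CLONE_NEWUSER | CLONE_NEWNS
}

/// Move the calling process into new user + mount namespaces and map the
/// current uid/gid to themselves inside it. Needs a single-threaded caller
/// (CLONE_NEWUSER from a multithreaded process fails with EINVAL) and
/// returns the OS error where unprivileged user namespaces are disabled.
pub fn enter_sandbox_namespaces() -> io::Result<()> {
    let (uid, gid) = unsafe { (getuid(), getgid()) };
    if unsafe { unshare(sandbox_flags()) } != 0 {
        return Err(io::Error::last_os_error());
    }
    // setgroups must be denied before an unprivileged process may write gid_map.
    fs::write("/proc/self/setgroups", "deny")?;
    fs::write("/proc/self/uid_map", format!("{uid} {uid} 1\n"))?;
    fs::write("/proc/self/gid_map", format!("{gid} {gid} 1\n"))?;
    Ok(())
}

/// Build the child command from argv elements: no shell ever parses them,
/// so a user-supplied argument cannot smuggle in a second command.
pub fn sandboxed_command(argv: &[&str]) -> Command {
    let mut cmd = Command::new(argv[0]);
    cmd.args(&argv[1..]).env_clear().env("PATH", "/usr/bin:/bin");
    cmd
}

fn main() -> io::Result<()> {
    enter_sandbox_namespaces()?;
    // Inside the new namespaces: the child prints the uid mapping written above.
    sandboxed_command(&["cat", "/proc/self/uid_map"]).status().map(|_| ())
}
```

Run it as a normal user on a kernel with unprivileged user namespaces enabled; the `cat` output shows the single-line uid mapping the sandboxed child sees.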