fix: isolate workspace tmp directories #3
Open
ayomidelog wants to merge 1 commit into
Mount a private tmpfs on /tmp for each workspace session so temporary files are no longer shared through the sandbox rootfs. Before this change, workspaces had isolated /home mounts but still inherited the same /tmp from the shared sandbox rootfs. That allowed one workspace to observe temporary files created by another workspace, which breaks expected workspace isolation semantics. The workspace bootstrap path now mounts a per-workspace tmpfs at /tmp with the expected sticky-bit permissions, while keeping the existing runtime tmpfs mounts for /run/enclave/auth and /run/enclave/env. Add an ignored root integration test that starts two workspaces in the same sandbox, writes a file into /tmp in one workspace, and verifies that the second workspace cannot see it.

Verification:
- cargo test --all-targets -- --skip integration:: --skip stress::
- cargo clippy --all-targets -- -D warnings
- sudo env ... cargo test --test integration_suite -- --ignored --test-threads=1 (the new tmp isolation test passed before an unrelated stale-veth host-network collision later in the suite)
## Summary

This PR fixes workspace `/tmp` isolation.

Before this change, workspaces had isolated `/home` mounts but still shared the same `/tmp` inherited from the sandbox rootfs. That meant one workspace could observe temporary files created by another workspace inside the same sandbox.

This PR gives each workspace its own private `/tmp` tmpfs during session bootstrap.

## Problem

The current runtime model isolates:

- `/home`

But `/tmp` was still coming from the shared sandbox rootfs, so it behaved like shared sandbox state rather than per-workspace runtime state.

In practice, that meant:

- files written to `/tmp` by workspace A could be visible in workspace B
- `/tmp` semantics did not match expected workspace isolation

## What Changed

### Per-workspace `/tmp` tmpfs mount

During workspace bootstrap, Enclave now mounts a private tmpfs at `/tmp` for each workspace session.

The mount is configured with the expected temporary-directory semantics:

- sticky-bit, world-writable permissions (`mode=1777`)

This change is separate from the existing runtime tmpfs mounts used for:

- `/run/enclave/auth`
- `/run/enclave/env`

## User-Facing Impact

After this change:

- each workspace gets its own private `/tmp`
- `/tmp` now behaves more like users expect from an isolated workspace environment

## Tests Added

Added a root integration test:

- starts two workspaces in the same sandbox
- writes a file into `/tmp` from workspace A
- verifies that workspace B cannot see it

This is implemented as:

`integration::tmp_isolation::workspaces_do_not_share_tmp_directory_contents`

## Verification

Build and static checks:

`cargo clippy --all-targets -- -D warnings`

Default test suite:

`cargo test --all-targets -- --skip integration:: --skip stress::`

Root integration validation:

`sudo env ... cargo test --test integration_suite -- --ignored --test-threads=1`

The new tmp-isolation integration test passed. A later failure in the same ignored suite was due to an unrelated stale host-side veth collision during another network-heavy integration test, not due to the `/tmp` isolation change itself.

## Why This Matters

`/tmp` is runtime state, not shared base-environment state.

If workspaces are meant to be isolated execution contexts, they should not be able to observe each other's temporary files just because they share a sandbox rootfs. This PR closes that gap and makes workspace filesystem behavior more coherent.
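The isolation property that the new integration test asserts, reproduced as an added shell example that is not code from this PR or the Enclave project: a private tmpfs with `mode=1777` is mounted over `/tmp` inside a fresh user+mount namespace, a marker file is written there, and the caller's namespace must not be able to see it. It assumes util-linux `unshare` and a `stat` that supports `-c %a`; the function name and marker file are constructed for this example.

```shell
#!/bin/sh
# Constructed check for per-session /tmp isolation. Mirrors the PR's test:
# one side mounts a private tmpfs on /tmp and writes a file, the other side
# (here: the caller's own mount namespace) must not observe it.
#
# Return codes: 0 = /tmp is isolated, 1 = marker leaked (shared /tmp),
#               2 = namespaces/mount unavailable on this host (cannot test).
tmp_isolation_check() {
    marker="enclave-tmp-probe-$$"   # constructed marker name
    rm -f "/tmp/$marker"

    # Inside a new user (-U, mapped to root with -r) and mount (-m) namespace:
    # overlay /tmp with a private tmpfs carrying the expected 1777 semantics,
    # drop the marker file, and report the mode the namespace sees on /tmp.
    if ! observed=$(unshare -Urm sh -c "
        mount -t tmpfs -o mode=1777,nosuid,nodev tmpfs /tmp || exit 3
        touch /tmp/$marker || exit 3
        stat -c %a /tmp
    " 2>/dev/null); then
        return 2   # unshare(1) missing, user namespaces disabled, or mount refused
    fi
    # The private tmpfs must have been mounted with sticky-bit, world-writable perms.
    [ "$observed" = "1777" ] || return 2

    # Back in the caller's namespace: the marker must be invisible. If it is
    # visible, the tmpfs did not take effect and /tmp is still shared state.
    if [ -e "/tmp/$marker" ]; then
        rm -f "/tmp/$marker"
        return 1
    fi
    return 0
}
```

Run it as `tmp_isolation_check; echo "rc=$?"`; a result of 1 is the pre-fix behaviour the PR describes, where files in one session's `/tmp` are visible elsewhere.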