
fix(sandbox): skip non-existent paths instead of abandoning Landlock ruleset #669

Open
latenighthackathon wants to merge 1 commit into NVIDIA:main from
latenighthackathon:fix/landlock-skip-missing-paths

Conversation

@latenighthackathon (Contributor)

Summary

When a single path in the filesystem policy did not exist (e.g., /app in container images without that directory), PathFd::new() failed and the ? operator propagated the error to abandon the entire Landlock ruleset. Under the default best_effort compatibility mode, this silently disabled all filesystem restrictions for the sandbox.

This is a critical security degradation: one missing optional path causes the entire filesystem sandbox to be dropped, leaving the container with zero filesystem isolation.

Fix

Replace the ? operator on PathFd::new() with per-path match statements that:

  • Warn and skip individual non-existent paths
  • Continue building the ruleset from remaining valid paths
  • Preserve filesystem isolation even when optional paths are missing

The existing error handling for ruleset creation and restrict_self() is unchanged. Only PathFd::new() failures are handled per-path.

Test plan

  • Sandbox with all valid paths: Landlock applied normally (no regression)
  • Sandbox with one missing path (e.g., /app): warning logged, remaining paths still enforced
  • Sandbox with all paths missing: existing best_effort degradation behavior unchanged
  • hard_requirement mode with missing path: still returns error (unchanged)
  • cargo test passes

Closes #664

I have read the DCO document and I hereby sign the DCO.

…ruleset

When a single path in the filesystem policy did not exist,
PathFd::new() failed and the error propagated via ? to abandon
the entire Landlock ruleset. Under the default best_effort
compatibility mode, this silently disabled all filesystem
restrictions for the sandbox.

Replace the ? operator with per-path match statements that warn
and skip individual non-existent paths while continuing to build
the ruleset from remaining valid paths. This preserves filesystem
isolation even when optional paths like /app are missing from the
container image.

Closes NVIDIA#664

Signed-off-by: latenighthackathon <latenighthackathon@users.noreply.github.com>
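The pattern the PR description and commit message describe, as an added illustration that is not the project's code and does not use the landlock crate: a stand-in for PathFd::new() built on std::fs::metadata() stands in for opening the path, and a hypothetical CompatMode enum models the best_effort versus hard_requirement distinction the test plan mentions. The first builder keeps the pre-fix behaviour (a ? on every path, so one missing path aborts the whole rule set); the second matches per path, warns and skips in best-effort mode, and still returns the error in hard-requirement mode. The scratch directory layout is constructed so the example runs offline.

```rust
// Added illustration (not the project's code): models the per-path handling
// described in the PR with std::fs instead of the landlock crate.
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

/// Hypothetical stand-in for the sandbox's compatibility mode.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum CompatMode {
    /// Missing paths are skipped with a warning; remaining rules are kept.
    BestEffort,
    /// A missing path is a hard error; nothing is silently dropped.
    HardRequirement,
}

/// Outcome of building the (modelled) rule set.
#[derive(Debug, PartialEq)]
pub struct BuiltRules {
    pub added: Vec<PathBuf>,
    pub skipped: Vec<PathBuf>,
}

/// Stand-in for `PathFd::new`: fails with an io::Error when the path is absent.
fn open_path_fd(path: &Path) -> io::Result<PathBuf> {
    fs::metadata(path)?; // ENOENT surfaces here, as it would from open(O_PATH)
    Ok(path.to_path_buf())
}

/// Pre-fix shape: `?` on every path, so one missing path yields Err and no rules at all.
pub fn build_rules_abort_on_missing(paths: &[&Path]) -> io::Result<BuiltRules> {
    let mut added = Vec::new();
    for p in paths {
        let fd = open_path_fd(p)?; // the whole rule set is abandoned here
        added.push(fd);
    }
    Ok(BuiltRules { added, skipped: Vec::new() })
}

/// Post-fix shape: match per path; warn and skip in best-effort mode,
/// propagate the error in hard-requirement mode.
pub fn build_rules_skip_missing(paths: &[&Path], mode: CompatMode) -> io::Result<BuiltRules> {
    let mut added = Vec::new();
    let mut skipped = Vec::new();
    for p in paths {
        match open_path_fd(p) {
            Ok(fd) => added.push(fd),
            Err(e) if mode == CompatMode::BestEffort => {
                eprintln!("warning: skipping sandbox path {}: {}", p.display(), e);
                skipped.push(p.to_path_buf());
            }
            Err(e) => return Err(e),
        }
    }
    Ok(BuiltRules { added, skipped })
}

/// Constructed scratch layout: one directory that exists and one ("app") that never does.
pub fn scratch_layout() -> io::Result<(PathBuf, PathBuf)> {
    let base = std::env::temp_dir().join(format!("landlock-skip-demo-{}", std::process::id()));
    let present = base.join("present");
    fs::create_dir_all(&present)?;
    let missing = base.join("app"); // deliberately never created
    Ok((present, missing))
}

fn main() -> io::Result<()> {
    let (present, missing) = scratch_layout()?;
    let paths = [present.as_path(), missing.as_path()];
    println!(
        "abort-on-missing: {:?}",
        build_rules_abort_on_missing(&paths).map(|r| r.added.len())
    );
    let r = build_rules_skip_missing(&paths, CompatMode::BestEffort)?;
    println!("skip-missing (best effort): {} added, {} skipped", r.added.len(), r.skipped.len());
    println!(
        "skip-missing (hard requirement) errors: {}",
        build_rules_skip_missing(&paths, CompatMode::HardRequirement).is_err()
    );
    Ok(())
}
```

The point to check after such a change is the one the test plan lists: with one path missing, the remaining paths are still enforced rather than the whole policy being dropped, and hard-requirement mode still fails closed.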
@latenighthackathon latenighthackathon requested a review from a team as a code owner March 30, 2026 03:42
@latenighthackathon (Contributor, Author)

I have read the DCO document and I hereby sign the DCO.


Development

Successfully merging this pull request may close these issues:

bug: Landlock ruleset abandoned entirely when a single path does not exist