sandbox-runtime/scripts
David Dworken ccad82385b Replace nested bwrap with apply-seccomp binary for seccomp filtering
This change replaces the complex nested bwrap approach with a simple
apply-seccomp binary for applying seccomp filters, eliminating the need
for file descriptor redirects and simplifying the sandboxing architecture.

Changes:
- Add apply-seccomp.c: Standalone C program that applies seccomp BPF
  filters and execs commands using prctl(PR_SET_SECCOMP)
- Build cross-platform apply-seccomp binaries (x64, arm64) via updated
  build-seccomp-binaries.sh script
- Update linux-sandbox-utils.ts to use apply-seccomp instead of nested
  bwrap with --seccomp flag
- Add getApplySeccompBinaryPath() helper in generate-seccomp-filter.ts
- Simplify buildSandboxCommand() by removing FD redirect logic

Benefits:
- Simpler implementation: No complex FD redirects (3< file, 3<&3)
- More portable: Works without nested user namespace support
- Easier to understand: Single-purpose tool vs nested bwrap
- Same security: Identical seccomp-bpf filtering as before
- All tests pass: 71 tests including integration tests

The apply-seccomp binaries are statically linked and have zero runtime
dependencies, making them suitable for inclusion in the package.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-31 18:16:32 +00:00