search

servo / gaol

Cross-platform application sandboxing for Rust
Apache License 2.0
343 stars 40 forks source link

FreeBSD support #38

Closed jdm closed 5 years ago

jdm commented 7 years ago 
   Compiling gaol v0.0.1 (https://github.com/servo/gaol#227ff0ba)
error[E0432]: unresolved import `platform::process`
  --> /path/to/servo/.cargo/git/checkouts/gaol-c3a1e33941376f84/227ff0b/sandbox.rs:13:25
   |
13 | use platform::process::{self, Process};
   |                         ^^^^ no `process` in `platform`

error[E0432]: unresolved import `platform::process`
  --> /path/to/servo/.cargo/git/checkouts/gaol-c3a1e33941376f84/227ff0b/sandbox.rs:13:15
   |
13 | use platform::process::{self, Process};
   |               ^^^^^^^ Could not find `process` in `platform`

error[E0432]: unresolved import `platform::ChildSandbox`
  --> /path/to/servo/.cargo/git/checkouts/gaol-c3a1e33941376f84/227ff0b/sandbox.rs:22:20
   |
22 | pub use platform::{ChildSandbox, Sandbox};
   |                    ^^^^^^^^^^^^ no `ChildSandbox` in `platform`

error[E0432]: unresolved import `platform::Sandbox`
  --> /path/to/servo/.cargo/git/checkouts/gaol-c3a1e33941376f84/227ff0b/sandbox.rs:22:34
   |
22 | pub use platform::{ChildSandbox, Sandbox};
   |                                  ^^^^^^^ no `Sandbox` in `platform`

error[E0412]: cannot find type `Operation` in module `platform`
  --> /path/to/servo/.cargo/git/checkouts/gaol-c3a1e33941376f84/227ff0b/profile.rs:99:32
   |
99 |     PlatformSpecific(platform::Operation),
   |                                ^^^^^^^^^ not found in `platform`
   |
help: possible candidate is found in another module, you can import it into scope
   |
13 | use profile::Operation;
   |

error[E0599]: no method named `support` found for type `&profile::Operation` in the current scope
   --> /path/to/servo/.cargo/git/checkouts/gaol-c3a1e33941376f84/227ff0b/profile.rs:132:29
    |
132 |             match operation.support() {
    |                             ^^^^^^^
    |
    = help: items from traits can only be used if the trait is implemented and in scope
    = note: the following trait defines an item `support`, perhaps you need to implement it:
            candidate #1: `profile::OperationSupport`

error: aborting due to 6 previous errors

error: Could not compile `gaol`.
valpackett commented 7 years ago

(I was just writing this in https://github.com/servo/servo/issues/11625 … :D)

Gaol is designed around a syscall filtering model like seccomp/pledge, not an object-capability model like Capsicum. (I made a little crate that's better suited for Capsicum — including the awesome openat trick.)

I can add a Capsicum backend for Gaol that disallows everything :) but Servo would have to pass all the descriptors from a privileged process or open them beforehand.

Looks like the content process sandbox only needs /dev/urandom and a resources directory! So it should be possible to open these things before starting the sandbox, and use the openat crate to open the resources under the directory.

valpackett commented 7 years ago

Actually /dev/urandom might not even be necessary. If Servo uses the rand crate (I haven't checked), it uses sysctl kern.arandom :)