Scaffold macOS/Linux sandbox support template

HackStrix · HackStrix · commit 2d26098d0641 · 2026-03-10T02:44:32.000-04:00
diff --git a/process_worker_factory.go b/process_worker_factory.go
@@ -166,6 +166,7 @@ type ProcessFactory struct {
 	healthPath            string        // path to poll for liveness; defaults to "/health"
 	startTimeout          time.Duration // maximum time to wait for the first successful health check
 	startHealthCheckDelay time.Duration // delay the health check for the first time.
+	enableSandbox         bool          // true by default for isolation
 	counter               atomic.Int64
 }
 
@@ -183,6 +184,7 @@ func NewProcessFactory(binary string, args ...string) *ProcessFactory {
 		healthPath:            "/health",
 		startTimeout:          30 * time.Second,
 		startHealthCheckDelay: 1 * time.Second,
+		enableSandbox:         true,
 	}
 }
 
@@ -229,6 +231,14 @@ func (f *ProcessFactory) WithStartHealthCheckDelay(d time.Duration) *ProcessFact
 	return f
 }
 
+// WithInsecureSandbox disables the namespace/cgroup sandbox.
+// Use only for local debugging on non-Linux systems or when you explicitly
+// trust the spawned processes.
+func (f *ProcessFactory) WithInsecureSandbox() *ProcessFactory {
+	f.enableSandbox = false
+	return f
+}
+
 func streamLogs(workerID string, pipe io.ReadCloser, isError bool) {
 	// bufio.Scanner guarantees we read line-by-line, preventing torn logs.
 	scanner := bufio.NewScanner(pipe)
@@ -272,6 +282,14 @@ func (f *ProcessFactory) Spawn(ctx context.Context) (Worker[*http.Client], error
 	cmd := exec.Command(f.binary, resolvedArgs...)
 	cmd.Env = append(os.Environ(), append([]string{"PORT=" + portStr}, resolvedEnv...)...)
 
+	if f.enableSandbox {
+		if err := applySandboxFlags(cmd); err != nil {
+			return nil, fmt.Errorf("herd: ProcessFactory: failed to apply sandbox: %w", err)
+		}
+	} else {
+		log.Printf("[%s] WARNING: running UN-SANDBOXED. Not recommended for production.", id)
+	}
+
 	stdout, err := cmd.StdoutPipe()
 	if err != nil {
 		return nil, fmt.Errorf("herd: ProcessFactory: stdout pipe: %w", err)
diff --git a/sandbox_linux.go b/sandbox_linux.go
@@ -0,0 +1,17 @@
+//go:build linux
+
+package herd
+
+import (
+	"os/exec"
+)
+
+// applySandboxFlags applies Linux-specific sandbox isolation (Namespaces, Cgroups, Seccomp)
+// to the given command before it is started.
+func applySandboxFlags(cmd *exec.Cmd) error {
+	// TODO: Phase 1 (Namespaces) - inject syscall.SysProcAttr
+	// TODO: Phase 2 (Cgroups) - setup and apply cgroup constraints
+	// TODO: Phase 3 (Seccomp) - load BPF filters
+
+	return nil
+}
diff --git a/sandbox_unsupported.go b/sandbox_unsupported.go
@@ -0,0 +1,19 @@
+//go:build !linux
+
+package herd
+
+import (
+	"errors"
+	"os/exec"
+	"runtime"
+)
+
+// ErrSandboxUnsupported is returned when sandbox mode is requested on a non-Linux OS.
+var ErrSandboxUnsupported = errors.New("herd: security sandbox relies on Linux cgroups and namespaces, which are not supported on " + runtime.GOOS)
+
+// applySandboxFlags applies Linux-specific sandbox isolation.
+// On non-Linux systems, this returns an error if sandbox mode is enabled,
+// forcing a loud failure instead of a false sense of security.
+func applySandboxFlags(cmd *exec.Cmd) error {
+	return ErrSandboxUnsupported
+}
