@@ -166,6 +166,7 @@ type ProcessFactory struct {
166166 healthPath string // path to poll for liveness; defaults to "/health"
167167 startTimeout time.Duration // maximum time to wait for the first successful health check
168168 startHealthCheckDelay time.Duration // delay the health check for the first time.
169+ enableSandbox bool // true by default for isolation
169170 counter atomic.Int64
170171}
171172
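Review bot: `enableSandbox` makes the zero value of ProcessFactory the unsandboxed one. The field comment says "true by default", but that holds only for factories built through NewProcessFactory (second hunk); a `ProcessFactory{}` or `&ProcessFactory{...}` literal elsewhere in the package, a test helper for example, would spawn workers with no isolation and nothing would flag it. Inverting the flag keeps the safe behaviour as the zero value: `disableSandbox bool // zero value keeps the sandbox on`, with WithInsecureSandbox setting it to true and Spawn testing `if !f.disableSandbox`, which also lets the constructor line go away. The struct declaration begins outside the hunk.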
@@ -183,6 +184,7 @@ func NewProcessFactory(binary string, args ...string) *ProcessFactory {
183184 healthPath : "/health" ,
184185 startTimeout : 30 * time .Second ,
185186 startHealthCheckDelay : 1 * time .Second ,
187+ enableSandbox : true ,
186188 }
187189}
188190
@@ -229,6 +231,14 @@ func (f *ProcessFactory) WithStartHealthCheckDelay(d time.Duration) *ProcessFact
229231 return f
230232}
231233
234+ // WithInsecureSandbox disables the namespace/cgroup sandbox.
235+ // Use only for local debugging on non-Linux systems or when you explicitly
236+ // trust the spawned processes.
237+ func (f * ProcessFactory ) WithInsecureSandbox () * ProcessFactory {
238+ f .enableSandbox = false
239+ return f
240+ }
241+
232242func streamLogs (workerID string , pipe io.ReadCloser , isError bool ) {
233243 // bufio.Scanner guarantees we read line-by-line, preventing torn logs.
234244 scanner := bufio .NewScanner (pipe )
@@ -272,6 +282,14 @@ func (f *ProcessFactory) Spawn(ctx context.Context) (Worker[*http.Client], error
272282 cmd := exec .Command (f .binary , resolvedArgs ... )
273283 cmd .Env = append (os .Environ (), append ([]string {"PORT=" + portStr }, resolvedEnv ... )... )
274284
285+ if f .enableSandbox {
286+ if err := applySandboxFlags (cmd ); err != nil {
287+ return nil , fmt .Errorf ("herd: ProcessFactory: failed to apply sandbox: %w" , err )
288+ }
289+ } else {
290+ log .Printf ("[%s] WARNING: running UN-SANDBOXED. Not recommended for production." , id )
291+ }
292+
275293 stdout , err := cmd .StdoutPipe ()
276294 if err != nil {
277295 return nil , fmt .Errorf ("herd: ProcessFactory: stdout pipe: %w" , err )
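Review bot: The sandbox applied at new line 286 does not cover the environment: the context line just above still builds `cmd.Env` from `os.Environ()`, so every variable of the parent process, including any tokens or credentials it holds, reaches the child even when `enableSandbox` is true. If the sandbox is meant to contain untrusted workers, the sandboxed path should start from an explicit allowlist, for example `[]string{"PORT=" + portStr}` plus `resolvedEnv` and whatever the binary needs, such as `PATH`. `applySandboxFlags` is defined outside this hunk, so its behaviour on platforms without namespaces or cgroups cannot be checked here. If it returns nil there without configuring anything, the worker would run unsandboxed and the warning in the else branch would never print, so that case should return an error or log the same warning. Spawn's body starts and ends outside the hunk.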