From 013d86950280c8e633d8e34d2a7d0d968f72055b Mon Sep 17 00:00:00 2001
From: John Myers <9696606+johntmyers@users.noreply.github.com>
Date: Tue, 24 Mar 2026 15:51:08 -0700
Subject: [PATCH 1/2] fix(sandbox): emit warning when Landlock filesystem sandbox degrades silently
BestEffort Landlock previously swallowed failures at debug level, making sandbox bypass invisible to operators at default log levels. Upgrade the degradation log to warn with an actionable message pointing to the hard_requirement setting. Add info-level startup log showing the requested ABI and path counts so operators always know what Landlock protections are active.
Closes #584
---
 .../src/sandbox/linux/landlock.rs | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/crates/openshell-sandbox/src/sandbox/linux/landlock.rs b/crates/openshell-sandbox/src/sandbox/linux/landlock.rs
index 2b9873b5..de321861 100644
--- a/crates/openshell-sandbox/src/sandbox/linux/landlock.rs
+++ b/crates/openshell-sandbox/src/sandbox/linux/landlock.rs
@@ -10,7 +10,7 @@ use landlock::{
 };
 use miette::{IntoDiagnostic, Result};
 use std::path::PathBuf;
-use tracing::debug;
+use tracing::{debug, info, warn};
 
 pub fn apply(policy: &SandboxPolicy, workdir: Option<&str>) -> Result<()> {
     let read_only = policy.filesystem.read_only.clone();
@@ -29,8 +29,16 @@ pub fn apply(policy: &SandboxPolicy, workdir: Option<&str>) -> Result<()> {
         return Ok(());
     }
 
+    let abi = ABI::V5;
+    info!(
+        abi = ?abi,
+        compatibility = ?policy.landlock.compatibility,
+        read_only_paths = read_only.len(),
+        read_write_paths = read_write.len(),
+        "Applying Landlock filesystem sandbox"
+    );
+
     let result: Result<()> = (|| {
-        let abi = ABI::V2;
         let access_all = AccessFs::from_all(abi);
         let access_read = AccessFs::from_read(abi);
 
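Review bot: The `info!` added before the closure reports the requested ABI and the configured path counts, not what the kernel ends up enforcing, so at default log levels an operator still reads "Applying Landlock filesystem sandbox" when BestEffort later degrades the ruleset or the running kernel only supports a lower ABI than `abi`. The message should not read as a statement of active protection; `"Requesting Landlock filesystem sandbox (enforcement status is logged after restrict_self)"` or similar makes the distinction explicit, and the `abi` field is better named `requested_abi`. The closure that actually builds and applies the ruleset continues past this hunk, so whether a success-path log exists there cannot be seen here; if it does not, that is where the effective state belongs.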
@@ -71,7 +79,11 @@ pub fn apply(policy: &SandboxPolicy, workdir: Option<&str>) -> Result<()> {
             policy.landlock.compatibility,
             LandlockCompatibility::BestEffort
         ) {
-            debug!(error = %err, "Landlock unavailable, continuing without filesystem sandbox");
+            warn!(
+                error = %err,
+                "Landlock filesystem sandbox is UNAVAILABLE — running WITHOUT filesystem restrictions. \
+                 Set landlock.compatibility to 'hard_requirement' to make this a fatal error."
+            );
             return Ok(());
         }
         return Err(err);
From 3b69668078ebe1a3d4fe7cbfeeb738d1ce6a2677 Mon Sep 17 00:00:00 2001
From: John Myers
Date: Wed, 25 Mar 2026 14:40:23 -0700
Subject: [PATCH 2/2] fix(sandbox): revert unintended ABI bump from V2 to V5
Signed-off-by: John Myers
---
 crates/openshell-sandbox/src/sandbox/linux/landlock.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crates/openshell-sandbox/src/sandbox/linux/landlock.rs b/crates/openshell-sandbox/src/sandbox/linux/landlock.rs
index de321861..e276840d 100644
--- a/crates/openshell-sandbox/src/sandbox/linux/landlock.rs
+++ b/crates/openshell-sandbox/src/sandbox/linux/landlock.rs
@@ -29,7 +29,7 @@ pub fn apply(policy: &SandboxPolicy, workdir: Option<&str>) -> Result<()> {
         return Ok(());
     }
 
-    let abi = ABI::V5;
+    let abi = ABI::V2;
     info!(
         abi = ?abi,
         compatibility = ?policy.landlock.compatibility,
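Review bot: The `warn!` branch still swallows every `Err` the closure produces under BestEffort, and nothing in the hunk classifies the error, so a rule-building failure such as a configured read-only path that does not exist would be reported as "UNAVAILABLE" and silently disable all filesystem restrictions rather than surface a misconfiguration. If the closure (which starts outside this hunk) already hands `CompatLevel::BestEffort` to the landlock crate, kernel-support gaps are degraded inside the crate and an `Err` reaching here is unlikely to mean "no Landlock", which makes this blanket `return Ok(())` a policy bypass path; inspecting the underlying error before `into_diagnostic()` and taking the best-effort path only for unsupported-kernel errors would keep other failures fatal. The success path also stays silent when the kernel enforces only part of the requested ruleset, so a `warn!` on a non-`FullyEnforced` `RestrictionStatus.ruleset` after `restrict_self()` would close the remaining silent-degradation gap this commit targets.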
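Review bot: The reverted `let abi = ABI::V2;` carries no explanation, which is how the unintended bump this patch undoes slipped into the previous commit; a pinning comment would prevent a repeat, e.g. `// Deliberately ABI::V2: from_all()/from_read() derive the requested access-right set from this, so bumping it changes the ruleset and what BestEffort may silently drop on older kernels.` The `abi = ?abi` field in the `info!` below reports this requested value, not the ABI the running kernel supports, which is worth stating in the same comment.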