Skip to content

Reinstate manifest sandboxing #2848

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 6, 2020
Merged

Reinstate manifest sandboxing #2848

merged 4 commits into from
Aug 6, 2020

Conversation

neonichu
Copy link
Contributor

@neonichu neonichu commented Aug 5, 2020

Manifest loading has been sandboxed on macOS for a while, but the change in #2518 broke it for 5.3.

https://bugs.swift.org/browse/SR-13346
rdar://problem/66586184

neonichu added 2 commits August 5, 2020 13:55
@neonichu
Reinstate manifest sandboxing
4844778 
Manifest loading has been sandboxed on macOS for a while, but the change
in swiftlang#2518 broke it for 5.3.

https://bugs.swift.org/browse/SR-13346
rdar://problem/66586184
@neonichu
Test manifest sandboxing
125d90b 
This adds tests for manifest sandboxing. Since we made the sandbox more
restrictive in 5.3, there are two tests:
- in 5.2 we check if we can make a network request
- in 5.3 we check if we can launch a process
@neonichu
Copy link
Contributor Author

neonichu commented Aug 5, 2020

@swift-ci please smoke test

@neonichu
Copy link
Contributor Author

neonichu commented Aug 5, 2020

Looks like the 5.3 profile is actually too restrictive.

@neonichu
Copy link
Contributor Author

neonichu commented Aug 5, 2020

We need to allow process launches, so that we can even launch the compiled manifest. We also need to allow reads, because otherwise we can't load the PD dylibs.

@neonichu
Copy link
Contributor Author

neonichu commented Aug 5, 2020

@swift-ci please smoke test

@neonichu
Copy link
Contributor Author

neonichu commented Aug 5, 2020

14:36:51 2020-08-05 14:36:28.668 foo-manifest[77032:57189500] Failed to obtain sandbox extension for path=/Users/buildnode/Library/Caches/foo-manifest. Errno:1
14:36:51 Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=NSCocoaErrorDomain Code=260 "The file couldn’t be opened because it doesn’t exist." UserInfo={NSURL=http://swift.org, NSUnderlyingError=0x7f82ef804180 {Error Domain=NSURLErrorDomain Code=-1003 "A server with the specified hostname could not be found." UserInfo={NSUnderlyingError=0x7f82de40c8c0 {Error Domain=kCFErrorDomainCFNetwork Code=-1003 "A server with the specified hostname could not be found." UserInfo={NSErrorFailingURLStringKey=http://swift.org/, NSErrorFailingURLKey=http://swift.org/, _kCFStreamErrorCodeKey=-72000, _kCFStreamErrorDomainKey=10, NSLocalizedDescription=A server with the specified hostname could not be found.}}, NSErrorFailingURLStringKey=http://swift.org, NSErrorFailingURLKey=http://swift.org, _kCFStreamErrorDomainKey=10, _kCFStreamErrorCodeKey=-72000, NSLocalizedDescription=A server with the specified hostname could not be found.}}}: file /var/folders/_8/79jmzf2142z2xydc_01btlx00000gn/T/TemporaryFile.tFKpoE.swift, line 3
14:36:51 Test Case '-[PackageLoadingTests.PackageDescription5_2LoadingTests testManifestLoadingIsSandboxed]' failed (2.533 seconds).

Hm, looks like we were able to leave the sandbox on CI 🤔

@neonichu
Copy link
Contributor Author

neonichu commented Aug 5, 2020
edited
Loading

Failure happens on both macOS CI hosts, so looks like it is consistent. Locally, the test works as expected, the network call is denied. Maybe the failure happens in constructing the URL vs. the actual network call?

@tomerd
Copy link
Contributor

tomerd commented Aug 6, 2020

maybe use a different action that does not require network access?

@neonichu
Use 127.0.0.1 for the attempted network request
44c063f 
It doesn't actually matter whether or not the request would succeed
since the test assumes it will always be blocked.
@neonichu
Copy link
Contributor Author

neonichu commented Aug 6, 2020

I was intentionally using a network request since it seems important to test that this is still blocked.

@neonichu
Copy link
Contributor Author

neonichu commented Aug 6, 2020

@swift-ci please smoke test

@neonichu
Copy link
Contributor Author

neonichu commented Aug 6, 2020

Looks like using an IP address instead of a domain works.

@neonichu neonichu merged commit 4d720d6 into swiftlang:master Aug 6, 2020
@neonichu neonichu deleted the reinstate-manifest-sandboxing branch August 6, 2020 20:22
@neonichu neonichu mentioned this pull request Aug 6, 2020
Merged
@neonichu neonichu mentioned this pull request Aug 5, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aciidgh aciidgh aciidgh approved these changes

@tomerd tomerd Awaiting requested review from tomerd

@rballard rballard Awaiting requested review from rballard

@hartbit hartbit Awaiting requested review from hartbit

@abertelrud abertelrud Awaiting requested review from abertelrud

@friedbunny friedbunny Awaiting requested review from friedbunny

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@neonichu @tomerd @aciidgh