Defense-in-depth hardening applied inside the sandbox child process immediately after startup, before it reads any untrusted input. See docs/design_docs/0023-editor_sandbox.md §"Milestone S6". More...

#include <cstddef>
#include <cstdint>
#include <string>

Include dependency graph for SandboxHardening.h:

Classes
struct	donner::editor::sandbox::HardeningOptions
	Knobs for which hardening measures to apply. Defaults match the "strict production sandbox child" profile the design doc calls out. Tests and developer tools can relax individual measures — e.g., setting requireSandboxEnv = false makes the child runnable by hand under a debugger. More...
struct	donner::editor::sandbox::HardeningResult

Namespaces
namespace	donner
	Top-level Donner namespace, which is split into different sub-namespaces such as donner::svg and donner::css.

Enumerations
enum class	donner::editor::sandbox::HardeningStatus { kOk , kMissingSandboxEnv , kChdirFailed , kCloseFdsFailed , kResourceLimitFailed , kSeccompFailed }
	Classifies the outcome of ApplyHardening. On any non-kOk status the child should exit with a usage error — hardening is all-or-nothing. More...

Functions
HardeningResult	donner::editor::sandbox::ApplyHardening (const HardeningOptions &options={})
	Applies the requested hardening measures in order. Intended to be called exactly once at the start of the child's main(), after argv parsing but before reading stdin. Safe to call from multi-threaded code in theory, but the child is single-threaded by design and the caller is expected to run this before spawning any workers.

Detailed Description

Defense-in-depth hardening applied inside the sandbox child process immediately after startup, before it reads any untrusted input. See docs/design_docs/0023-editor_sandbox.md §"Milestone S6".

S6.1 (this file) ships the portable hardening that works on Linux and macOS without extra dependencies:

Environment gate: the child refuses to run unless DONNER_SANDBOX=1 is set, so accidental direct execution (e.g., a developer running the binary by hand to reproduce a crash) fails loudly rather than silently behaving like a sandboxed child.
chdir("/"): strips the child's relative-path authority so a bug that tries to open "foo.txt" can't hit a file the host was in the middle of editing.
FD sweep: closes every inherited file descriptor above stderr. Prevents the child from accidentally holding a writable FD to the host's terminal, log file, or runfiles tree.
setrlimit caps: RLIMIT_AS (address space), RLIMIT_CPU (wall CPU seconds), RLIMIT_FSIZE (regular-file writes), and RLIMIT_NOFILE (max open files). A parser OOM or infinite-loop pathological SVG is bounded at the kernel level, not relying on host-side watchdogs.

S6.2 (follow-up): seccomp-bpf syscall allowlist on Linux, sandbox_init deny-all profile on macOS, and optional per-UID isolation. Those are intentionally out of scope for this milestone — they carry real risk of breaking the child in architecture-specific ways, and landing them behind unit tests needs more than a session's worth of iteration.

Enumeration Type Documentation

◆ HardeningStatus

enum class donner::editor::sandbox::HardeningStatus

strong

Classifies the outcome of ApplyHardening. On any non-kOk status the child should exit with a usage error — hardening is all-or-nothing.

Enumerator
kOk	Every requested measure took effect.
kMissingSandboxEnv	DONNER_SANDBOX was not set to 1.
kChdirFailed	chdir("/") returned non-zero.
kCloseFdsFailed	FD sweep failed in a way we can't recover from.
kResourceLimitFailed	One of the setrlimit calls failed.
kSeccompFailed	seccomp-bpf filter installation failed.

Classes

Namespaces

Enumerations

Functions

Detailed Description

Enumeration Type Documentation

◆ HardeningStatus