Skip to content

[ML] Add Sandbox2 security integration for PyTorch inference #2873

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

[ML] Add Sandbox2 security integration for PyTorch inference #2873

wants to merge 7 commits into from
+1,395 −4

Conversation

@valeriy42
Copy link
Contributor

@valeriy42 valeriy42 commented Oct 28, 2025

Overview

This PR introduces Sandbox2 security integration to enhance the security posture of the PyTorch inference process in the ML-CPP codebase.

Changes

Security Enhancements

  • Sandbox2 Integration: Added comprehensive Sandbox2 security framework integration
  • Process Isolation: Implemented secure process spawning with privilege dropping
  • Security Testing: Added comprehensive test suite to validate security constraints

Build System Updates

  • CMake Integration: Updated build system to include Sandbox2 dependencies
  • Third-party Dependencies: Added Abseil and Sandbox2 as third-party dependencies
  • License Compliance: Added proper license files for all new dependencies

Key Components

  • Core implementation for secure process spawning
  • Comprehensive test suite validating security constraints
  • Updated CMakeLists.txt files across multiple components
  • Proper license attribution for all dependencies

Security Benefits

  • Process Isolation: PyTorch inference processes run in isolated sandboxes
  • Privilege Dropping: Processes run with minimal required privileges
  • Resource Constraints: Sandbox2 enforces memory, CPU, and system call limitations
  • Attack Surface Reduction: Malicious PyTorch models cannot escape sandbox constraints

Testing

  • Added comprehensive unit tests validating security constraints
  • Tests verify privilege dropping, resource limits, and sandbox enforcement
  • All existing tests continue to pass

Dependencies

  • Sandbox2: Google's sandboxing framework for Linux
  • Abseil: Google's C++ common libraries (required by Sandbox2)

This enhancement significantly improves the security posture of the ML-CPP system by ensuring that PyTorch inference processes cannot compromise the host system.

@prodsecmachine
Copy link

prodsecmachine commented Oct 28, 2025
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Licenses 0 0 0 0 0 issues
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@valeriy42 valeriy42 changed the title Add Sandbox2 security integration for PyTorch inference [ML] Add Sandbox2 security integration for PyTorch inference Oct 28, 2025
@valeriy42 valeriy42 marked this pull request as draft October 28, 2025 14:00
@valeriy42
Enhance Sandbox2 integration tests and policy handling
2c5775e 
- Added new tests for Sandbox2 functionality, including privilege validation, filesystem isolation, and syscall filtering.
- Introduced a TestCleanup class for managing temporary files during tests.
- Updated the CDetachedProcessSpawner_Linux.cc to support new command line arguments for log handling and model path.
- Renamed modelDir to modelPath for clarity and adjusted policy building to accommodate file access.
- Improved overall test coverage for Sandbox2 features and ensured graceful degradation when Sandbox2 is not available.
@valeriy42
Refactor Sandbox2 handling in CDetachedProcessSpawner_Linux
9b8da0f 
- Improved error handling for cases when Sandbox2 is disabled or unavailable for pytorch_inference processes.
- Enhanced logging to provide clearer feedback on spawning failures with Sandbox2.
- Updated comments for clarity regarding the fallback to standard posix_spawn for non-pytorch_inference processes.
@valeriy42
Implement Sandbox2 syscall policy for ML processes
ac67539 
- Added a new function to apply standard ML syscall restrictions using Sandbox2's PolicyBuilder, ensuring consistent security across ML processes.
- Updated the CDetachedProcessSpawner_Linux to utilize the new syscall policy for pytorch_inference, eliminating the need for seccomp filtering in this context.
- Enhanced comments and documentation to outline future migration plans for other ML processes to Sandbox2.
- Noted the gradual transition from seccomp filters to Sandbox2 policies in the CSystemCallFilter_Linux implementation.
@valeriy42
formatting
b43e999
@valeriy42
fix header
5cd22f9
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

>enhancement :ml v9.3.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@valeriy42 @prodsecmachine