[Bubblewrap] Mask denied files with a /dev/null bind instead of tmpfs#623
Open
SohamDas2021 wants to merge 2 commits into
Open
[Bubblewrap] Mask denied files with a /dev/null bind instead of tmpfs#623SohamDas2021 wants to merge 2 commits into
SohamDas2021 wants to merge 2 commits into
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR improves Bubblewrap’s denied-path masking behavior so that denying a regular file no longer converts it into an empty directory (a side-effect of --tmpfs creating the mount point as a directory). It aligns Bubblewrap with the LXC backend by masking denied directories and denied non-directories differently to better preserve object type semantics.
Changes:
- Classify denied paths at runtime and mask denied non-directories via
--ro-bind /dev/null(directories remain--tmpfs). - Add unit tests for classified denied-path masking in the Bubblewrap argument builder.
- Add an end-to-end shell test + config to validate denied file vs denied directory masking behavior.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| tests/scripts/run_bwrap_denied_masking_test.sh | New end-to-end test script validating denied file vs denied directory masking semantics. |
| tests/scripts/run_bwrap_all_tests.sh | Adds the new denied-masking test to the Bubblewrap test suite runner. |
| tests/configs/bubblewrap_denied_masking.json | New Bubblewrap config fixture used by the denied-masking test. |
| src/backends/bubblewrap/common/src/bwrap_runner.rs | Classifies denied paths at runtime and passes classification into arg building. |
| src/backends/bubblewrap/common/src/bwrap_command.rs | Adds build_args_classified and unit tests to mask denied files with /dev/null instead of --tmpfs. |
a7e0e05 to
0582bac
Compare
huzaifa-d
reviewed
Jul 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
📖 Description
The Bubblewrap backend masked every denied path with
--tmpfs. Mounting a tmpfs over a regular file turns it into an empty directory (bwrap creates the mount point as a dir), changing the object's type and breaking tools that expect a regular file.This PR classifies each denied path at runtime and masks it with the correct primitive:
--tmpfs(empty, no leak)./dev/null, preserving a non-directory type with empty content.This brings Bubblewrap in line with the LXC backend, which already distinguishes files from directories when masking.
🔗 References
🔍 Validation
✅ Checklist
Cargo.lock, thedependency-feed-checkcheck passes (see docs/pull-requests.md)📋 Issue Type
GitHub Actions runs the PR validation build automatically. The ADO pipeline
(
MXC-PR-Build) is the Azure version of the PR pipeline, kept in parity with the GitHubActions build; it runs on merge to
main, and Microsoft reviewers with write access can trigger iton a PR with
/azp run. See docs/pull-requests.md.If the
dependency-feed-checkcheck fails on a new dependency, the crate must be added tothe feed before the PR can pass. See docs/pull-requests.md
for the steps.
Microsoft Reviewers: Open in CodeFlow