[pitboss/grind] deferred session-0006 (20260517T044708Z-e058)

2026-06-21 20:18:06 +02:00 · 2026-05-17 02:01:36 -05:00 · 2026-05-17 02:01:36 -05:00 · 356fcaf71e
commit 356fcaf71e
parent 0ec9a9b425
5 changed files with 133 additions and 26 deletions
--- a/src/dynamic/sandbox/seccomp/mod.rs
+++ b/src/dynamic/sandbox/seccomp/mod.rs
@ -168,4 +168,24 @@ mod tests {
        assert!(nrs.contains(&write));
        assert!(nrs.contains(&close));
    }
+
+    /// `BASE` carries the interpreter cold-start trio:
+    /// `socketpair` (Node worker init), `umask` (Python tempfile init),
+    /// `setrlimit` (older glibc fallback for `prlimit64`).  Without these
+    /// a Python or Node harness aborts before printing a single line and
+    /// the Confirmed-via-`verify_finding` path is structurally
+    /// unreachable, so a regression that drops one is a load-bearing
+    /// outage rather than a code-cleanliness slip.
+    #[test]
+    fn base_allows_interpreter_cold_start_syscalls() {
+        let nrs = allowed_syscall_numbers(0);
+        for name in ["socketpair", "umask", "setrlimit"] {
+            let nr = syscall_number(name)
+                .unwrap_or_else(|| panic!("{name} missing from per-arch syscall map"));
+            assert!(
+                nrs.contains(&nr),
+                "BASE allowlist must include {name} (interpreter cold-start)",
+            );
+        }
+    }
 }
--- a/src/dynamic/sandbox/seccomp/seccomp_policy.toml
+++ b/src/dynamic/sandbox/seccomp/seccomp_policy.toml
@ -99,6 +99,19 @@ allow = [
    "sched_yield",
    "prctl",
    "membarrier",
+    # Interpreter cold-start additions.  These are universal enough that
+    # cap-gating them buys nothing while breaking real harnesses:
+    # - `socketpair(AF_UNIX, ...)` — Node v18+ binds an internal worker
+    #   thread via an anonymous Unix-domain pair; not a network reach.
+    # - `umask` — Python's `tempfile` calls it during stdlib init; only
+    #   mutates the calling process's file-creation mask.
+    # - `setrlimit` — older glibc `__libc_setrlimit` shims fall through to
+    #   the legacy syscall instead of `prlimit64`; the caller can only
+    #   lower its own limits (raise is gated by the hard limit set by the
+    #   parent before exec).
+    "socketpair",
+    "umask",
+    "setrlimit",
 ]

 [cap.SQL_QUERY]
--- a/src/dynamic/sandbox/seccomp/syscalls.rs
+++ b/src/dynamic/sandbox/seccomp/syscalls.rs
@ -57,6 +57,7 @@ pub fn syscall_number(name: &str) -> Option<u32> {
        "listen" => 50,
        "getsockname" => 51,
        "getpeername" => 52,
+        "socketpair" => 53,
        "setsockopt" => 54,
        "getsockopt" => 55,
        "clone" => 56,
@ -77,11 +78,13 @@ pub fn syscall_number(name: &str) -> Option<u32> {
        "readlink" => 89,
        "fchmod" => 91,
        "fchown" => 93,
+        "umask" => 95,
        "getuid" => 102,
        "getgid" => 104,
        "geteuid" => 107,
        "getegid" => 108,
        "sigaltstack" => 131,
+        "setrlimit" => 160,
        "arch_prctl" => 158,
        "gettid" => 186,
        "futex" => 202,
@ -231,6 +234,8 @@ pub fn syscall_number(name: &str) -> Option<u32> {
        "wait4" => 260,
        "prlimit64" => 261,
        "getrlimit" => 163,
+        "setrlimit" => 164,
+        "umask" => 166,
        "prctl" => 167,
        "fchmod" => 52,
        "fchmodat" => 53,
@ -241,6 +246,7 @@ pub fn syscall_number(name: &str) -> Option<u32> {
        "getgid" => 176,
        "getegid" => 177,
        "socket" => 198,
+        "socketpair" => 199,
        "bind" => 200,
        "listen" => 201,
        "accept" => 202,