[pitboss/grind] deferred session-0025 (20260517T044708Z-e058)

This commit is contained in:
pitboss 2026-05-17 08:54:00 -05:00
parent 27e9aea950
commit bcf2b48994
3 changed files with 487 additions and 150 deletions

View file

@ -21,25 +21,39 @@ missing. Misconfiguration cannot brick the sandbox-exec backend.
## How the seeds get generated
Run `tools/sb-trace.sh` from a macOS host that has the interpreters
on `$PATH`. The script materialises each `.sb` profile in
deny-default form, runs the per-language harness cold-start
(`python3 -c 'import socket,subprocess,...'`, `node -e require(...)`,
etc.) under it, captures the sandbox-exec trace, and emits a
candidate seed.
on `$PATH`. The script materialises each `.sb` profile with
`(allow default)` rewritten to `(deny default)`, runs each
per-language probe under `sandbox-exec`, queries
`log show --predicate 'eventMessage CONTAINS "(<pid>) deny"'` for the
kernel deny records the probe triggered, converts each deny line
into the matching `(allow ...)` rule, appends it to the profile, and
re-runs the probe. The loop stops when an iteration produces no new
denies (the probe ran cleanly under the accumulated allows) or when
the kernel's per-tuple dedup window swallows every remaining record.
Output goes to this directory:
The PID-targeted log query sidesteps the dedup window: each iteration's
probe runs as a new process with a fresh PID, so the kernel emits a
fresh deny record even when the operation tuple repeats. The older
`(trace "<file>")` mechanism is silently ignored on macOS 26+ and is
no longer used.
tools/sb-trace/<cap>.allow (committed)
tools/sb-trace/<cap>.trace.raw (audit artifact, gitignored)
Output:
tools/sb-trace/<cap>.allow (committed after hand-review)
After a run, hand-review each `.allow` seed before committing. The
script's emitted seeds usually need two passes:
emitted seeds usually need two passes:
1. Replace host-specific literal paths with regex matches. For
instance `/Users/eli/.pyenv/versions/3.11/lib/python3.11/...`
should become a regex anchored on `^/Users/[^/]+/\\.pyenv/`.
2. Group related `mach-lookup` rules into one allow directive when
they share a service prefix.
2. Group related rules onto one `(allow <op> a b c ...)` directive
when the targets share semantics.
The parser logic that turns one deny line into one allow rule is
exercised in CI via `tests/sb_trace_script.rs`, which invokes
`tools/sb-trace.sh --selftest` — a mode that runs the parser against
canned input and exits non-zero on any mismatch.
## Activating a seed at runtime