
feat(network): add open_port_range and fix Linux ProxyOnly semantics#1262

Open
SequeI wants to merge 3 commits into main from seccompNotify

Conversation

@SequeI SequeI commented Jun 25, 2026


Linked Issue

Closes #1101
Closes #611

Summary

  • ProxyOnly on Linux now always uses seccomp-notify regardless of Landlock ABI; Landlock TCP rules have no IP component and cannot enforce loopback-only
  • Add open_port_range to profiles and CapabilitySet for localhost IPC port ranges; macOS expands ≤256 ports to individual Seatbelt rules, wider ranges collapse to localhost:* with a warning; Linux expands to individual Landlock rules in both block-net and proxy mode
  • Add open_port=0 wildcard in proxy mode: allows any loopback connect/bind without knowing the port at profile-write time (fixes ephemeral port use cases like Testcontainers and Maven Surefire)
  • open_port=0 in block-net mode on Linux errors at startup (no supervisor)
  • Document all network mode and port behaviour including platform differences

Test Plan

Checklist

  • An issue exists and is linked above
  • All commits are signed-off, using DCO
  • All new code follows the project's coding standards (CLAUDE.md) and is covered by tests
  • Public-facing changes are paired with documentation updates
  • Release note has been added to CHANGELOG.md if needed
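The port-range expansion rules listed in the summary above (per-port rules, the macOS 256-port collapse to localhost:* with a warning, the open_port=0 wildcard in proxy mode and its rejection in block-net mode) as an added, self-contained model. This is example code written for this page, not nono's own implementation; the type and function names, the error strings and the decision to reject open_port=0 in block-net mode on both platforms (the PR states this only for Linux) are assumptions.

```rust
// Added example (not nono's own code): models the loopback port-rule
// expansion described in this PR. Names and error text are hypothetical.
use std::ops::RangeInclusive;

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Platform { Linux, MacOs }

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum NetMode { BlockNet, ProxyOnly }

#[derive(Debug, Clone, PartialEq)]
pub enum LoopbackRule {
    Port(u16), // one Seatbelt (macOS) or Landlock (Linux) rule per port
    AnyPort,   // localhost:* wildcard
}

/// macOS expands at most this many ports into individual rules (per the PR text).
pub const MACOS_MAX_INDIVIDUAL_PORTS: usize = 256;

pub struct Expansion {
    pub rules: Vec<LoopbackRule>,
    pub warning: Option<String>,
}

pub fn expand_open_ports(
    platform: Platform,
    mode: NetMode,
    range: RangeInclusive<u16>,
) -> Result<Expansion, String> {
    if range.is_empty() {
        return Err(format!("empty port range {range:?}"));
    }
    // open_port=0 is the "any loopback port" wildcard. It relies on the proxy
    // supervisor, so block-net mode rejects it at startup (assumption: on both platforms).
    if range == (0..=0) {
        return match mode {
            NetMode::ProxyOnly => Ok(Expansion { rules: vec![LoopbackRule::AnyPort], warning: None }),
            NetMode::BlockNet => Err("open_port=0 requires proxy mode (no supervisor in block-net)".into()),
        };
    }
    if *range.start() == 0 {
        return Err("port 0 wildcard cannot be combined with other ports".into());
    }
    let count = range.clone().count();
    if platform == Platform::MacOs && count > MACOS_MAX_INDIVIDUAL_PORTS {
        // Wider macOS ranges collapse to localhost:* instead of hundreds of Seatbelt rules.
        let warning = format!("{count} ports exceed {MACOS_MAX_INDIVIDUAL_PORTS}; collapsing to localhost:*");
        return Ok(Expansion { rules: vec![LoopbackRule::AnyPort], warning: Some(warning) });
    }
    // Linux (block-net and proxy mode alike) and small macOS ranges: one rule per port.
    Ok(Expansion { rules: range.map(LoopbackRule::Port).collect(), warning: None })
}
```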

github-actions Bot commented Jun 25, 2026


PR Review Summary

Size

Metric           Value
Lines added      +505
Lines removed    -91
Total changed    596
Classification   Large (> 300 lines)

Affected crates

  • crates/nono (core library) — careful review required. This is the security-critical sandbox primitive. A bug here bypasses OS-level isolation for every downstream user.
  • crates/nono-cli — CLI changes. Verify argument parsing, flag documentation, and UX behaviour across supported platforms.

Blast radius — Moderate

This PR touches: source code, documentation

Updated automatically on each push to this PR.

SequeI added 2 commits June 25, 2026 14:48
- ProxyOnly on Linux now always uses seccomp-notify regardless of Landlock
  ABI; Landlock TCP rules have no IP component and cannot enforce loopback-only
- Add open_port_range to profiles and CapabilitySet for localhost IPC port
  ranges; macOS expands ≤256 ports to individual Seatbelt rules, wider ranges
  collapse to localhost:* with a warning; Linux expands to individual Landlock
  rules in both block-net and proxy mode
- Add open_port=0 wildcard in proxy mode: allows any loopback connect/bind
  without knowing the port at profile-write time (fixes ephemeral port use
  cases like Testcontainers and Maven Surefire)
- open_port=0 in block-net mode on Linux errors at startup (no supervisor)
- Document all network mode and port behaviour including platform differences

Signed-off-by: Aleksy Siek <aleksy@alwaysfurther.ai>
Signed-off-by: Aleksy Siek <aleksy@alwaysfurther.ai>
Development

Successfully merging this pull request may close these issues.

(network) fix Linux ProxyOnly semantics
Allow domain filtering and unknown ports on localhost