diff options
| -rw-r--r-- | CONTRIBUTING.md | 2 | ||||
| -rw-r--r-- | packages/cli/src/utils/sandbox-macos-permissive-proxied.sb | 2 | ||||
| -rw-r--r-- | packages/cli/src/utils/sandbox-macos-restrictive-proxied.sb | 2 | ||||
| -rw-r--r-- | packages/cli/src/utils/sandbox.ts | 6 | ||||
| -rwxr-xr-x | scripts/example-proxy.js | 7 |
5 files changed, 11 insertions, 8 deletions
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e63d35ed..64bdc06e 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -271,7 +271,7 @@ Container-based sandboxing mounts the project directory (and system temp directo #### Proxied Networking -All sandboxing methods, including MacOS Seatbelt using `*-proxied` profiles, support restricting outbound network traffic through a custom proxy server that can be specified as `GEMINI_SANDBOX_PROXY_COMMAND=<command>`, where `<command>` must start a proxy server that listens on `0.0.0.0:8877` for relevant requests. See `scripts/example-proxy.js` for a minimal proxy that only allows `HTTPS` connections to `example.com:443` (e.g. `curl https://example.com`) and declines all other requests. The proxy is started and stopped automatically alongside the sandbox. +All sandboxing methods, including MacOS Seatbelt using `*-proxied` profiles, support restricting outbound network traffic through a custom proxy server that can be specified as `GEMINI_SANDBOX_PROXY_COMMAND=<command>`, where `<command>` must start a proxy server that listens on `:::8877` for relevant requests. See `scripts/example-proxy.js` for a minimal proxy that only allows `HTTPS` connections to `example.com:443` (e.g. `curl https://example.com`) and declines all other requests. The proxy is started and stopped automatically alongside the sandbox. ## Manual Publish diff --git a/packages/cli/src/utils/sandbox-macos-permissive-proxied.sb b/packages/cli/src/utils/sandbox-macos-permissive-proxied.sb index 861e503d..842fb6a4 100644 --- a/packages/cli/src/utils/sandbox-macos-permissive-proxied.sb +++ b/packages/cli/src/utils/sandbox-macos-permissive-proxied.sb @@ -24,7 +24,7 @@ ;; deny all outbound network traffic EXCEPT through proxy on localhost:8877 ;; set `GEMINI_SANDBOX_PROXY_COMMAND=<command>` to run proxy alongside sandbox -;; proxy must listen on 0.0.0.0:8877 (see scripts/example-proxy.js) +;; proxy must listen on :::8877 (see scripts/example-proxy.js) (deny network-outbound) (allow network-outbound (remote tcp "localhost:8877")) diff --git a/packages/cli/src/utils/sandbox-macos-restrictive-proxied.sb b/packages/cli/src/utils/sandbox-macos-restrictive-proxied.sb index cc4c1e5e..826055e5 100644 --- a/packages/cli/src/utils/sandbox-macos-restrictive-proxied.sb +++ b/packages/cli/src/utils/sandbox-macos-restrictive-proxied.sb @@ -88,5 +88,5 @@ ;; allow outbound network traffic through proxy on localhost:8877 ;; set `GEMINI_SANDBOX_PROXY_COMMAND=<command>` to run proxy alongside sandbox -;; proxy must listen on 0.0.0.0:8877 (see scripts/example-proxy.js) +;; proxy must listen on :::8877 (see scripts/example-proxy.js) (allow network-outbound (remote tcp "localhost:8877")) diff --git a/packages/cli/src/utils/sandbox.ts b/packages/cli/src/utils/sandbox.ts index d47c44b5..0cb1eb54 100644 --- a/packages/cli/src/utils/sandbox.ts +++ b/packages/cli/src/utils/sandbox.ts @@ -339,7 +339,7 @@ export async function start_sandbox(sandbox: string) { }); console.log('waiting for proxy to start ...'); await execAsync( - `until curl -s http://localhost:8877; do sleep 0.25; done`, + `until timeout 0.25 curl -s http://localhost:8877; do sleep 0.25; done`, ); } // spawn child and let it inherit stdio @@ -661,7 +661,9 @@ export async function start_sandbox(sandbox: string) { process.exit(1); }); console.log('waiting for proxy to start ...'); - await execAsync(`until curl -s http://localhost:8877; do sleep 0.25; done`); + await execAsync( + `until timeout 0.25 curl -s http://localhost:8877; do sleep 0.25; done`, + ); // connect proxy container to sandbox network // (workaround for older versions of docker that don't support multiple --network args) await execAsync( diff --git a/scripts/example-proxy.js b/scripts/example-proxy.js index 284a2eed..576da849 100755 --- a/scripts/example-proxy.js +++ b/scripts/example-proxy.js @@ -6,7 +6,7 @@ * SPDX-License-Identifier: Apache-2.0 */ -// Example proxy server that listens on 0.0.0.0:8877 and only allows HTTPS connections to example.com. +// Example proxy server that listens on :::8877 and only allows HTTPS connections to example.com. // Set `GEMINI_SANDBOX_PROXY_COMMAND=scripts/example-proxy.js` to run proxy alongside sandbox // Test via `curl https://example.com` inside sandbox (in shell mode or via shell tool) @@ -66,8 +66,9 @@ server.on('connect', (req, clientSocket, head) => { }); }); -server.listen(PROXY_PORT, '0.0.0.0', () => { - console.log(`[PROXY] Proxy listening on 0.0.0.0:${PROXY_PORT}`); +server.listen(PROXY_PORT, () => { + const address = server.address(); + console.log(`[PROXY] Proxy listening on ${address.address}:${address.port}`); console.log( `[PROXY] Allowing HTTPS connections to domains: ${ALLOWED_DOMAINS.join(', ')}`, ); |