docs: design note for colibri-spawned pi in a FreeBSD jail #33

Merged

clawdie merged 1 commit from design/colibri-jailed-agent-spawn into main 2026-06-13 19:08:40 +02:00

Conversation 0 Commits 1 Files changed 1 +184

clawdie commented 2026-06-13 19:08:26 +02:00

Owner

Copy link

Colibri already spawns pi (spawner.rs) and captures its JSONL for glasspane;
this documents adding optional jail confinement to that existing path rather
than touching zot (whose swarm is self-only + no isolation — keeps the mirror
clean).

Covers: JailConfig + jail_wrap at the Command::new site, jail-aware teardown,
and the privilege decision for the root-only jexec step —

• live USB → mdo -u root (reuses mac_do; daemon == operator trust domain)
• deployed → setuid/Capsicum helper (narrow root surface on exposed hosts)

mac_do rules are identity-based (gid=0>uid=0), not command-filtered, so mdo
grants the daemon full root; that's acceptable on the single-operator live USB
but not on a deployed/exposed box, hence the split. Selected via PrivMode at
daemon config time so one spawner serves both.

Co-Authored-By: Claude Opus 4.8 noreply@anthropic.com

Colibri already spawns pi (spawner.rs) and captures its JSONL for glasspane; this documents adding optional jail confinement to that existing path rather than touching zot (whose swarm is self-only + no isolation — keeps the mirror clean). Covers: JailConfig + jail_wrap at the Command::new site, jail-aware teardown, and the privilege decision for the root-only jexec step — - live USB → `mdo -u root` (reuses mac_do; daemon == operator trust domain) - deployed → setuid/Capsicum helper (narrow root surface on exposed hosts) mac_do rules are identity-based (gid=0>uid=0), not command-filtered, so mdo grants the daemon full root; that's acceptable on the single-operator live USB but not on a deployed/exposed box, hence the split. Selected via PrivMode at daemon config time so one spawner serves both. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

clawdie added 1 commit 2026-06-13 19:08:29 +02:00

docs: design note for colibri-spawned pi in a FreeBSD jail ... b1e23f4022

Colibri already spawns pi (spawner.rs) and captures its JSONL for glasspane;
this documents adding optional jail confinement to that existing path rather
than touching zot (whose swarm is self-only + no isolation — keeps the mirror
clean).

Covers: JailConfig + jail_wrap at the Command::new site, jail-aware teardown,
and the privilege decision for the root-only jexec step —

  - live USB    → `mdo -u root` (reuses mac_do; daemon == operator trust domain)
  - deployed    → setuid/Capsicum helper (narrow root surface on exposed hosts)

mac_do rules are identity-based (gid=0>uid=0), not command-filtered, so mdo
grants the daemon full root; that's acceptable on the single-operator live USB
but not on a deployed/exposed box, hence the split. Selected via PrivMode at
daemon config time so one spawner serves both.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

clawdie merged commit c3e68e98f2 into main 2026-06-13 19:08:40 +02:00

clawdie referenced this pull request from a commit 2026-06-13 19:08:41 +02:00

Merge pull request 'docs: design note for colibri-spawned pi in a FreeBSD jail' (#33) from design/colibri-jailed-agent-spawn into main

clawdie deleted branch design/colibri-jailed-agent-spawn 2026-06-13 19:08:41 +02:00

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

first-proof blocker

gates the first proven end-to-end

  

hardening

security/robustness follow-up, not a first-proof gate

No labels

first-proof blocker

hardening

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: clawdie/colibri#33

No description provided.