docs: design note for colibri-spawned pi in a FreeBSD jail #33

Merged
clawdie merged 1 commit from design/colibri-jailed-agent-spawn into main 2026-06-13 19:08:40 +02:00

1 commit

Author SHA1 Message Date
Sam & Claude
b1e23f4022 docs: design note for colibri-spawned pi in a FreeBSD jail
Some checks failed
CI / rust (pull_request) Has been cancelled
CI / markdown (pull_request) Has been cancelled
Colibri already spawns pi (spawner.rs) and captures its JSONL for glasspane;
this documents adding optional jail confinement to that existing path rather
than touching zot (whose swarm is self-only + no isolation — keeps the mirror
clean).

Covers: JailConfig + jail_wrap at the Command::new site, jail-aware teardown,
and the privilege decision for the root-only jexec step —

  - live USB    → `mdo -u root` (reuses mac_do; daemon == operator trust domain)
  - deployed    → setuid/Capsicum helper (narrow root surface on exposed hosts)

mac_do rules are identity-based (gid=0>uid=0), not command-filtered, so mdo
grants the daemon full root; that's acceptable on the single-operator live USB
but not on a deployed/exposed box, hence the split. Selected via PrivMode at
daemon config time so one spawner serves both.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-13 19:06:21 +02:00
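As an added illustration of the design described in the commit message (not colibri's own spawner.rs code), the following Rust sketch shows the shape of `JailConfig`, the `PrivMode` split, a `jail_wrap` drop-in for the `Command::new` site, and the matching jail-aware teardown. The struct fields, the `exec`/`remove` interface of the setuid/Capsicum helper and its path are assumptions for the example; the design note names neither the helper nor its argv contract. Only argv construction is exercised, so it runs on any host without jexec(8) or mdo present.

```rust
use std::process::Command;

/// How the daemon obtains the root privilege that jexec(8) needs.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum PrivMode {
    /// Single-operator live USB: reuse mac_do via `mdo -u root`.
    LiveUsb,
    /// Deployed/exposed host: go through a narrow setuid/Capsicum helper.
    Deployed,
}

/// Jail parameters for one spawned pi. Hypothetical shape, not colibri's real struct.
#[derive(Debug, Clone)]
pub struct JailConfig {
    pub jail_name: String,
    pub priv_mode: PrivMode,
    /// Setuid/Capsicum helper. Assumed interface (not from the design note):
    /// `<helper> exec <jail> <prog> [args..]` and `<helper> remove <jail>`.
    pub helper_path: String,
}

/// jexec and jail accept a name or jid; keep the value to a conservative charset so a
/// misconfigured name cannot turn into an option-looking token (e.g. "-r") or split on whitespace.
pub fn is_valid_jail_name(name: &str) -> bool {
    !name.is_empty()
        && name.len() <= 64
        && !name.starts_with('-')
        && name.chars().all(|c| c.is_ascii_alphanumeric() || matches!(c, '_' | '.' | '-'))
}

/// argv that runs `program args...` inside the jail, privilege step included.
pub fn jail_argv(cfg: &JailConfig, program: &str, args: &[&str]) -> Result<Vec<String>, String> {
    if !is_valid_jail_name(&cfg.jail_name) {
        return Err(format!("invalid jail name: {:?}", cfg.jail_name));
    }
    let mut argv: Vec<String> = match cfg.priv_mode {
        // mac_do grants the daemon full root here; acceptable only in the live-USB trust domain.
        PrivMode::LiveUsb => ["mdo", "-u", "root", "jexec"].iter().map(|s| s.to_string()).collect(),
        // Helper exposes just "exec in a jail" and "remove a jail", not general root.
        PrivMode::Deployed => vec![cfg.helper_path.clone(), "exec".to_string()],
    };
    argv.push(cfg.jail_name.clone());
    argv.push(program.to_string());
    argv.extend(args.iter().map(|a| a.to_string()));
    Ok(argv)
}

/// argv that removes the jail once pi has exited (`jail -r`), via the same privilege path.
pub fn teardown_argv(cfg: &JailConfig) -> Result<Vec<String>, String> {
    if !is_valid_jail_name(&cfg.jail_name) {
        return Err(format!("invalid jail name: {:?}", cfg.jail_name));
    }
    let mut argv: Vec<String> = match cfg.priv_mode {
        PrivMode::LiveUsb => ["mdo", "-u", "root", "jail", "-r"].iter().map(|s| s.to_string()).collect(),
        PrivMode::Deployed => vec![cfg.helper_path.clone(), "remove".to_string()],
    };
    argv.push(cfg.jail_name.clone());
    Ok(argv)
}

/// Drop-in for the Command::new site: returns an ordinary Command, so the existing
/// JSONL capture (stdout piping) on the spawn path needs no change.
pub fn jail_wrap(cfg: &JailConfig, program: &str, args: &[&str]) -> Result<Command, String> {
    let argv = jail_argv(cfg, program, args)?;
    let mut cmd = Command::new(&argv[0]);
    cmd.args(&argv[1..]);
    Ok(cmd)
}

fn main() {
    let mut cfg = JailConfig {
        jail_name: "pi-agent0".to_string(),
        priv_mode: PrivMode::LiveUsb,
        helper_path: "/usr/local/libexec/colibri-jail-helper".to_string(), // placeholder path
    };
    for mode in [PrivMode::LiveUsb, PrivMode::Deployed] {
        cfg.priv_mode = mode;
        println!("{:?} spawn:    {}", mode, jail_argv(&cfg, "pi", &["--jsonl"]).unwrap().join(" "));
        println!("{:?} teardown: {}", mode, teardown_argv(&cfg).unwrap().join(" "));
    }
    // On the real path this would continue with .stdout(Stdio::piped()).spawn().
    let _ = jail_wrap(&cfg, "pi", &["--jsonl"]);
}
```

Selecting `PrivMode` once at daemon config time is what lets one spawner serve both deployments: the only difference between the two branches is the argv prefix, and teardown goes through the same prefix so the daemon never needs a second privilege path.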