Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 0 additions & 6 deletions crates/cortexfs/src/bin/cortexfs-agent-runtime.rs
Original file line number Diff line number Diff line change
Expand Up @@ -57,16 +57,10 @@ fn run(args: Vec<OsString>) -> Result<(), String> {
"default",
PolicyPermission::Connect,
);
let provider_secret =
cortexfs::open_provider_system_secret_for_model(&config.source, view.model())
.map_err(|_error| format!("provider secret unavailable: {}", view.model()))?;
let mut runtime_env = view.env().to_vec();
if runtime_model != view.model() {
runtime_env.push(("CTX_AGENT_MODEL_OVERRIDE".to_owned(), runtime_model.clone()));
}
if let Some(secret) = provider_secret.as_ref() {
runtime_env.extend(secret.env());
}
let agent_executable = runtime_agent_executable(Path::new(cortexfs::CTX_ROOT), &config.agent);
let result = serve_agent_executable_socket_listener_once(
&listener,
Expand Down
10 changes: 2 additions & 8 deletions crates/cortexfs/src/provider_name.rs
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,6 @@ pub fn open_provider_system_secret(
Ok(Some(ProviderSystemSecretHandle {
provider: provider.to_owned(),
account: account.to_owned(),
path,
file,
}))
}
Expand Down Expand Up @@ -198,7 +197,6 @@ pub enum ProviderSystemSecretError {
pub struct ProviderSystemSecretHandle {
provider: String,
account: String,
path: PathBuf,
file: File,
}

Expand Down Expand Up @@ -230,19 +228,15 @@ impl ProviderSystemSecret {
impl ProviderSystemSecretHandle {
/// Environment metadata for passing this already-open secret fd.
///
/// These variables contain no secret material; they identify only an fd/path
/// These variables contain no secret material; they identify only an fd
/// and the provider slot it belongs to.
#[must_use]
pub fn env(&self) -> [(String, String); 4] {
pub fn env(&self) -> [(String, String); 3] {
[
(
"CTX_PROVIDER_SECRET_FD".to_owned(),
self.file.as_raw_fd().to_string(),
),
(
"CTX_PROVIDER_SECRET_PATH".to_owned(),
self.path.display().to_string(),
),
(
"CTX_PROVIDER_SECRET_PROVIDER".to_owned(),
self.provider.clone(),
Expand Down
43 changes: 15 additions & 28 deletions crates/cortexfs/src/socket_runtime.rs
Original file line number Diff line number Diff line change
Expand Up @@ -490,6 +490,7 @@ fn apply_agent_executable_socket_env(
runtime
.env
.iter()
.filter(|env| !is_provider_secret_env(&env.0))
.map(|env| (env.0.as_str(), env.1.as_str())),
)
.env("CTX_AGENT", runtime.agent_name)
Expand All @@ -504,7 +505,12 @@ pub(crate) fn agent_executable_socket_bwrap_args(
request: &BwrapAgentExecutableArgs<'_>,
) -> Vec<String> {
let mut bwrap = vec!["--clearenv".to_owned()];
for env in request.runtime.env {
for env in request
.runtime
.env
.iter()
.filter(|env| !is_provider_secret_env(&env.0))
{
bwrap.extend(["--setenv".to_owned(), env.0.clone(), env.1.clone()]);
}
bwrap.extend([
Expand Down Expand Up @@ -559,7 +565,6 @@ pub(crate) fn agent_executable_socket_bwrap_args(
if !request.runtime.network_allowed {
bwrap.push("--unshare-net".to_owned());
}
bwrap.extend(bwrap_provider_secret_bind_args(request.runtime.env));
bwrap.extend(bwrap_source_root_bind_args(request.runtime.source_root));
if let Some(timing) = request.debug {
bwrap.extend([
Expand Down Expand Up @@ -603,32 +608,14 @@ fn bwrap_source_root_bind_args(source_root: &Path) -> Vec<String> {
args
}

fn bwrap_provider_secret_bind_args(env: &[(String, String)]) -> Vec<String> {
let fd = env
.iter()
.find(|entry| entry.0 == "CTX_PROVIDER_SECRET_FD")
.map(|entry| entry.1.as_str());
let Some(path) = env
.iter()
.find(|entry| entry.0 == "CTX_PROVIDER_SECRET_PATH")
.map(|entry| entry.1.as_str())
else {
return Vec::new();
};
if !path.starts_with('/') {
return Vec::new();
}
let mut args = bwrap_dir_args_for_parent(path);
if let Some(fd) = fd.filter(|fd| !fd.is_empty() && fd.bytes().all(|byte| byte.is_ascii_digit()))
{
args.push("--ro-bind-data".to_owned());
args.push(fd.to_owned());
} else {
args.push("--ro-bind".to_owned());
args.push(path.to_owned());
}
args.push(path.to_owned());
args
fn is_provider_secret_env(name: &str) -> bool {
matches!(
name,
"CTX_PROVIDER_SECRET_FD"
| "CTX_PROVIDER_SECRET_PATH"
| "CTX_PROVIDER_SECRET_PROVIDER"
| "CTX_PROVIDER_SECRET_SLOT"
)
}

fn bwrap_dir_args_for_parent(path: &str) -> Vec<String> {
Expand Down
14 changes: 13 additions & 1 deletion crates/cortexfs/tests/unit/lib/agent_execution_policy.rs
Original file line number Diff line number Diff line change
Expand Up @@ -722,7 +722,19 @@ fn agent_executable_socket_bwrap_args_apply_agent_sandbox() {
"CTX_AGENT_HISTORY_MESSAGES",
"- user: hi"
));
assert!(contains_arg_triplet(
assert!(!contains_arg_triplet(
&args,
"--setenv",
"CTX_PROVIDER_SECRET_FD",
"9"
));
assert!(!contains_arg_triplet(
&args,
"--setenv",
"CTX_PROVIDER_SECRET_PATH",
"/run/user/1000/cortexfs/credentials/coder-default"
));
assert!(!contains_arg_triplet(
&args,
"--ro-bind-data",
"9",
Expand Down