From 37b154bc94db057c7553e5b16ba7a0d353132795 Mon Sep 17 00:00:00 2001
From: JY Tan
Date: Mon, 2 Feb 2026 10:22:13 -0800
Subject: [PATCH] fix(linux): remove expensive glob expansion for mandatory deny patterns

The glob expansion using **/pattern patterns caused full filesystem walks of the current directory for each pattern (~15 patterns = ~15 walks). This caused hangs in directories with many files (e.g., node_modules). The concrete paths from getMandatoryDenyPaths() are sufficient for bwrap's --ro-bind protections. Landlock (applied via wrapper) provides additional recursive protection.

Fixes #27
---
 internal/sandbox/linux.go | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/internal/sandbox/linux.go b/internal/sandbox/linux.go
index 01a847a..350c140 100644
--- a/internal/sandbox/linux.go
+++ b/internal/sandbox/linux.go
@@ -477,14 +477,15 @@ func WrapCommandLinuxWithOptions(cfg *config.Config, command string, bridge *Lin

  // Apply mandatory deny patterns (make dangerous files/dirs read-only)
  // This overrides any writable mounts for these paths
+ //
+ // Note: We only use concrete paths from getMandatoryDenyPaths(), NOT glob expansion.
+ // GetMandatoryDenyPatterns() returns expensive **/pattern globs that require walking
+ // the entire directory tree - this can hang on large directories (see issue #27).
+ // The concrete paths already cover dangerous files in cwd and home directory,
+ // which is sufficient protection for bwrap's --ro-bind. Landlock (applied separately
+ // via the wrapper) provides additional recursive protection.
  mandatoryDeny := getMandatoryDenyPaths(cwd)

- // Expand glob patterns for mandatory deny
- allowGitConfig := cfg != nil && cfg.Filesystem.AllowGitConfig
- mandatoryGlobs := GetMandatoryDenyPatterns(cwd, allowGitConfig)
- expandedMandatory := ExpandGlobPatterns(mandatoryGlobs)
- mandatoryDeny = append(mandatoryDeny, expandedMandatory...)
-
  // Deduplicate
  seen := make(map[string]bool)
  for _, p := range mandatoryDeny {
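Review bot: Dropping the expanded `**/pattern` matches from `mandatoryDeny` means files that match a mandatory-deny pattern in a subdirectory of cwd are no longer re-bound read-only, so under a writable mount they stay writable unless another layer blocks them. The new comment relies on Landlock for that, but Landlock rules only grant access to hierarchies and cannot carve a denied path out of a writable one, and it is unavailable on kernels older than 5.13; the "additional recursive protection" claim should be checked against how the wrapper builds its ruleset, which is not visible here. `cfg.Filesystem.AllowGitConfig` is also no longer read on this path, and the hunk does not show whether `getMandatoryDenyPaths(cwd)` accounts for that setting. I would state the reduced coverage in the comment, e.g. `// Nested matches below cwd are NOT bound read-only here; they depend on Landlock being active.`, and consider a depth-bounded walk that skips known-large directories instead of dropping expansion entirely. The body of WrapCommandLinuxWithOptions continues outside the hunk.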