docs: move sandbox threat model to docs/security.md, add code reference

2026-05-22 12:28:04 +02:00 · 2026-05-22 12:28:04 +02:00 · 6ca72074c4
commit 6ca72074c4
parent a6bd4cf502
3 changed files with 36 additions and 13 deletions
--- a/nix/templates/harness-base.nix
+++ b/nix/templates/harness-base.nix
@ -353,19 +353,7 @@
    # fail inside the container. Enable sandbox-fallback so builds that
    # can't set up the sandbox (no user-namespaces in nspawn) fall back
    # to unsandboxed local builds rather than failing outright.
-    #
-    # Security note (issue #240): unsandboxed builds run as `nixbld` users
-    # (non-root) and can read any world-readable file in the container.
-    # Mitigations in place:
-    #   - /root/.claude (claude session) is mode 700, root-owned - nixbld
-    #     users cannot access it.
-    #   - /state/forge-token (Forgejo API token) is written at mode 0600 by
-    #     hive-c0re/src/forge.rs - nixbld users cannot access it.
-    # All future credential files written to agent state dirs MUST be mode
-    # 0600 or stricter. Do NOT create world-readable secret files.
-    # Long-term fix: enable user namespaces in nspawn containers
-    # (--private-users=inherit) so the nix sandbox actually works and
-    # sandbox-fallback becomes a true last resort.
+    # Security implications: see docs/security.md.
    nix.settings.sandbox-fallback = true;

    # `claude-code` is unfree. Each per-agent container's nixosConfiguration