feat: add linux extra readable mounts for cross-mount visibility

[jy-tan]

Summary

Implement non-recursive bubblewrap root binds by introducing filesystem.extraReadableMounts. This lets users explicitly expose mount roots (for example /nix and /run) while keeping defaults conservative.

Changes

• Add new config field filesystem.extraReadableMounts and wire it through config loading/merge, JSON output, and schema generation.
• Implement Linux mount handling in internal/sandbox/linux_mounts.go:
  • read /proc/self/mountinfo
  • include descendant submounts under each configured root
  • canonicalize paths and skip special mounts (/dev, /proc, /tmp) to avoid conflicts.
• Apply the expanded mount list to both enforcement layers:
  • bubblewrap read-only binds in internal/sandbox/linux.go
  • Landlock read allow rules in internal/sandbox/linux_landlock.go.
• Add validation that extraReadableMounts entries are absolute paths (must start with /).
• Add unit test coverage for config validation/merge/marshal and Linux mountinfo parsing/expansion.
• Update docs:
  • config docs for extraReadableMounts with a NixOS example
  • troubleshooting guidance on how to choose roots from missing paths (/nix/store/... -> /nix, /run/... -> /run).

[cubic-dev-ai]

1 issue found across 11 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="internal/sandbox/linux.go">

<violation number="1" location="internal/sandbox/linux.go:655">
P2: Appending `extraReadableMountPaths` last can cause explicit mount roots to be skipped when earlier child paths mark the root as already bound. Process extra mount roots first so their bind is not dropped by intermediary-dir bookkeeping.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}