
fix(deps): update ghcr.io/codize-dev/nsjail:latest docker digest to fce880b#64

Merged
koki-develop merged 1 commit into main from renovate/ghcr.io-codize-dev-nsjail-latest on May 29, 2026

Conversation

Contributor

@renovate renovate Bot commented May 8, 2026

This PR contains the following updates:

Package                     Type    Update   Change
ghcr.io/codize-dev/nsjail   stage   digest   a4131e2 → fce880b

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
    • Only on Sunday and Saturday (* * * * 0,6)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


github-actions Bot commented May 8, 2026

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

This PR updates the ghcr.io/codize-dev/nsjail base image digest from a4131e2 to fce880b, incorporating 15 commits from the upstream nsjail repository spanning approximately 6 weeks (April 17, 2026 → May 29, 2026).

Critical Bug Fixes:

  1. ESRCH in sched_setaffinity (PR #264) - Fixed a critical bug where glibc's internal PID/TID cache was not updated after creating a new PID namespace using clone3(). This caused sched_setaffinity(0, ...) to fail with ESRCH (No such process) because the cached parent TID doesn't exist in the new namespace. The fix bypasses glibc and calls the syscall directly to ensure 0 (current thread) is passed correctly to the kernel.

  2. Double-free in nl_cache (PR #265) - Fixed a double-free vulnerability in net.cc:initParent() where nl_cache_free(link_cache) was called explicitly in error paths and again by the RAII defer guard, leading to memory corruption and crashes under AddressSanitizer. This affects the iface_own network interface ownership transfer feature.

  3. cmdline: --exec_file flag handling (PR #269) - Fixed setupArgv() which was unconditionally overwriting the --exec_file path with argv[0], breaking the documented behavior where --exec_file should take precedence.

  4. unotify improvements - Multiple fixes to the seccomp unotify implementation:

    • Fixed core unotify implementation functionality
    • Added return value checking for TextFormat::PrintToString to fix build errors under -Werror=unused-result
    • Improved error handling by ignoring ENOENT and EINPROGRESS when logging SECCOMP_IOCTL_NOTIF_SEND failures

No Breaking Changes: All changes are bug fixes and internal improvements. No API changes, configuration format changes, or behavioral changes that would affect this codebase.

Security Impact: The fixes improve stability and correctness but do not address exploitable security vulnerabilities in the context of this sandbox's usage.

🎯 Impact Scope Investigation

Configuration Analysis:

This sandbox uses nsjail with the following relevant settings (from internal/sandbox/configs/nsjail.cfg):

  • max_cpus: 1 - Uses sched_setaffinity() to restrict processes to one CPU core (directly benefits from PR #264 fix)
  • clone_newnet: true - Creates new network namespace
  • iface_no_lo: true - No loopback interface
  • Does NOT use iface_own (the feature affected by PR #265 double-free fix)
  • Does NOT use macvlan_iface or custom network interfaces
  • PID namespace is enabled by default (affected by PR #264)

Direct Benefits:

  1. PR #264 (sched_setaffinity fix) - This sandbox is directly impacted and will benefit from this fix. Every sandbox execution uses max_cpus: 1, which calls sched_setaffinity() in a new PID namespace created via clone3(). The old image may have experienced intermittent ESRCH errors when setting CPU affinity.

  2. PR #269 (--exec_file fix) - This sandbox doesn't use the --exec_file flag directly (relies on command-line arguments), so this fix has no direct impact.

  3. PR #265 (nl_cache double-free) - This sandbox doesn't use iface_own configuration, so the double-free bug doesn't affect it. However, the fix improves overall stability.

Dependency Impact:

  • No changes to Debian base image (still bookworm-slim)
  • Image size increased minimally: 100,249,556 bytes → 100,277,487 bytes (+27,931 bytes, +0.03%)
  • No changes to nsjail command-line interface or configuration syntax

Usage Locations:

  • Dockerfile:15 - Base image specification (single location)
  • internal/sandbox/execution.go - Invokes nsjail binary via Go exec
  • No direct API dependencies on nsjail internals

💡 Recommended Actions

Immediate Actions:

  • Merge this PR - The update is safe and provides important bug fixes
  • No code changes required - All changes are internal to nsjail binary
  • No configuration changes required - Existing nsjail.cfg remains compatible

Post-Merge Verification:

  1. Run E2E test suite to verify sandbox functionality across all runtimes:

    docker compose down && docker compose up --build -d
    go test -tags e2e ./e2e/...
  2. Monitor for any sched_setaffinity related errors in logs (should decrease with the fix)

  3. Verify CPU affinity restrictions are working correctly with max_cpus: 1

No Migration Required: This is a transparent update with backward compatibility maintained. The sandbox service can be updated with zero downtime by rebuilding and redeploying the Docker container.

🔗 Reference Links

  • nsjail repository: https://github.com/codize-dev/nsjail
  • Upstream nsjail: https://github.com/google/nsjail
  • PR #264 (ESRCH fix): Merged 2026-05-05, fixes glibc TID caching issue with clone3
  • PR #265 (double-free fix): Merged 2026-05-05, fixes nl_cache memory corruption in iface_own error paths
  • PR #269 (--exec_file fix): Merged 2026-05-28, fixes command-line argument precedence
  • PR #270 (unotify warning fix): Merged 2026-05-28, fixes build warnings
  • Old image revision: eb50673 (2026-04-17)
  • New image revision: a724647 (2026-05-29)
  • Total commits: 15 commits over 6 weeks

Generated by koki-develop/claude-renovate-review
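The sched_setaffinity discussion and the post-merge check "verify CPU affinity restrictions are working correctly with max_cpus: 1" above, as an added example that is not nsjail's code and not part of this repository: it pins the calling thread to one CPU through the raw sched_setaffinity syscall with pid 0 (the call shape the review attributes to the PR #264 fix, bypassing the glibc wrapper) and reads the mask back through the raw sched_getaffinity syscall. Assumptions: Linux; the function names are hypothetical; a 128-byte cpu_set_t is enough for the host (the raw getaffinity syscall returns EINVAL when the buffer is shorter than the kernel's CPU count, which covers hosts up to 1024 CPUs). It cannot reproduce the ESRCH failure itself, since that needs a freshly created PID namespace; what it shows is the fixed call shape and a check equivalent to max_cpus: 1.

```cpp
// Added example (not nsjail's or this project's code): pin the calling thread to a
// single CPU via the raw affinity syscalls with pid 0 and verify the result.
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <sched.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <cerrno>
#include <cstdio>
#include <cstring>

// Raw sched_getaffinity; pid 0 selects the calling thread. Unlike glibc's wrapper
// the raw syscall returns the number of bytes it wrote (a positive value) and does
// not clear the rest of the buffer, so the set is zeroed first. Returns the number
// of CPUs the thread may run on, or -1 with errno set.
static int allowed_cpu_count(cpu_set_t *out) {
    cpu_set_t set;
    CPU_ZERO(&set);
    long rc = syscall(SYS_sched_getaffinity, 0, sizeof(set), &set);
    if (rc < 0) return -1;
    if (out) *out = set;
    return CPU_COUNT(&set);
}

// Raw sched_setaffinity with pid 0: restrict the calling thread to exactly `cpu`.
// Passing 0 instead of a TID cached before a PID-namespace switch is the point of
// the fix described above; 0 always resolves to the current task in the kernel.
// Returns 0 on success, -1 with errno set (ESRCH would mean the kernel could not
// resolve the target task).
static int pin_thread_to_cpu(int cpu) {
    cpu_set_t set;
    CPU_ZERO(&set);
    CPU_SET(cpu, &set);
    long rc = syscall(SYS_sched_setaffinity, 0, sizeof(set), &set);
    return rc < 0 ? -1 : 0;
}

// Equivalent of a max_cpus: 1 check: choose the first CPU the thread is already
// allowed on (so cpuset/cgroup limits are respected and no privilege is needed),
// pin to it, and report how many CPUs remain allowed. Expected result: 1.
static int pin_to_first_allowed_cpu() {
    cpu_set_t before;
    if (allowed_cpu_count(&before) < 0) return -1;
    int first = -1;
    for (int i = 0; i < CPU_SETSIZE; i++) {
        if (CPU_ISSET(i, &before)) { first = i; break; }
    }
    if (first < 0) return -1;
    if (pin_thread_to_cpu(first) != 0) return -1;
    return allowed_cpu_count(nullptr);
}

int main() {
    int n = pin_to_first_allowed_cpu();
    if (n < 0) {
        std::fprintf(stderr, "affinity syscall failed: %s\n", std::strerror(errno));
        return 1;
    }
    std::printf("CPUs allowed after pinning: %d\n", n);
    return n == 1 ? 0 : 1;
}
```

Run it as the jailed command to confirm the sandbox leaves exactly one CPU allowed; because it only shrinks the thread's existing mask, it needs no capability and works under a cpuset-restricted container.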

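The nl_cache double-free described for PR #265 above (an explicit free on the error path plus a second free by the RAII defer guard), as an added example that is not nsjail's net.cc and not part of this repository. The resource is a constructed stand-in that counts frees instead of touching the heap, so the double free is observable rather than undefined behaviour; `Defer`, `FakeCache` and the `init_parent_*` names are hypothetical and only mirror the shape the review describes.

```cpp
// Added example (not nsjail's code): error-path double free with a scope guard,
// shown in its buggy shape beside the single-owner fix.
#include <functional>
#include <utility>

// Stand-in for a netlink cache handle: counts how often it was "freed" so that a
// double free is a checkable number rather than memory corruption.
struct FakeCache { int frees = 0; };
static void fake_cache_free(FakeCache *c) { if (c) c->frees++; }

// Minimal RAII "defer": runs the callback when the enclosing scope exits, on every
// path including early returns. Non-copyable so ownership stays with one guard.
class Defer {
 public:
    explicit Defer(std::function<void()> fn) : fn_(std::move(fn)) {}
    ~Defer() { if (fn_) fn_(); }
    Defer(const Defer&) = delete;
    Defer& operator=(const Defer&) = delete;
 private:
    std::function<void()> fn_;
};

// Buggy shape: the guard already owns the cache, yet the error path frees it
// explicitly as well, so a failure frees the same handle twice.
static int init_parent_buggy(FakeCache *cache, bool fail) {
    Defer cleanup([cache] { fake_cache_free(cache); });
    if (fail) {
        fake_cache_free(cache);  // BUG: the guard frees again when this returns
        return -1;
    }
    return 0;
}

// Fixed shape: exactly one owner. Error paths just return; the guard frees once.
static int init_parent_fixed(FakeCache *cache, bool fail) {
    Defer cleanup([cache] { fake_cache_free(cache); });
    if (fail) return -1;
    return 0;
}

// Observed free counts for each variant (2 for the bug, 1 once fixed).
static int frees_on_failure_buggy() { FakeCache c; init_parent_buggy(&c, true);  return c.frees; }
static int frees_on_failure_fixed() { FakeCache c; init_parent_fixed(&c, true);  return c.frees; }
static int frees_on_success_fixed() { FakeCache c; init_parent_fixed(&c, false); return c.frees; }
```

The practical rule the fix embodies: once a guard owns a handle, no other free of that handle may exist in the function; with a real `nl_cache_free` the buggy variant would be a heap double free, which is exactly what AddressSanitizer flags.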
renovate Bot force-pushed the renovate/ghcr.io-codize-dev-nsjail-latest branch from 49d8421 to 1149472 on May 9, 2026 04:37
renovate Bot changed the title from "fix(deps): update ghcr.io/codize-dev/nsjail:latest docker digest to 304318d" to "fix(deps): update ghcr.io/codize-dev/nsjail:latest docker digest to 5309ec0" on May 9, 2026
renovate Bot force-pushed the renovate/ghcr.io-codize-dev-nsjail-latest branch from 1149472 to cf1ca31 on May 29, 2026 04:29
renovate Bot changed the title from "fix(deps): update ghcr.io/codize-dev/nsjail:latest docker digest to 5309ec0" to "fix(deps): update ghcr.io/codize-dev/nsjail:latest docker digest to fce880b" on May 29, 2026
koki-develop merged commit 92f2009 into main on May 29, 2026
9 of 10 checks passed
koki-develop deleted the renovate/ghcr.io-codize-dev-nsjail-latest branch on May 29, 2026 21:44


1 participant