Preserve sandbox capabilities through snapshot/recycle/restore by seanwevans · Pull Request #191 · seanwevans/PyIsolate

seanwevans · 2026-04-21T12:23:55Z

Reuse/recycle and checkpoint/restore flows only serialized capability keys, which lost the concrete capability objects needed for privileged operations after restart or recycle.
Snapshots must remain JSON-safe for checkpointing while being losslessly reconstructible into runtime capability objects for correctness.
Recycled sandboxes should receive the original capability mapping so handed privileges continue to work.

Implemented tagged, JSON-safe serialization for capability objects in SandboxThread.snapshot() via serialize_capabilities(...) so snapshots include reconstructible capability data instead of only keys. (pyisolate/runtime/thread.py)
Added deserialization logic deserialize_capabilities(...) and use it when initializing or reset(...)ing sandbox threads so both live capability objects and snapshot payloads are accepted. (pyisolate/runtime/thread.py)
Updated Supervisor.recycle() to forward capabilities=snap["capabilities"] into spawn(...) so recycled sandboxes retain their original capability grants. (pyisolate/supervisor.py)
Extended checkpoint/restore to propagate serialized capabilities into spawn(...) so restored sandboxes preserve handed capabilities. (pyisolate/checkpoint.py)
Added regression tests: test_recycle_preserves_capabilities (in tests/test_supervisor.py) and test_checkpoint_restores_capabilities (in tests/test_checkpoint.py) to validate capability-preservation across recycle and restore. (tests/*)

Ran pytest -q tests/test_supervisor.py and observed 23 passed.
Ran pytest -q tests/test_checkpoint.py and observed 13 passed.
Ran pytest -q tests/test_capabilities.py and observed 7 passed.
Ran targeted regression tests tests/test_supervisor.py::test_recycle_preserves_capabilities, tests/test_checkpoint.py::test_checkpoint_restores_capabilities, and tests/test_capabilities.py::test_filesystem_capability_allows_only_handed_paths and observed all 3 passed.

Preserve capability mappings across sandbox recycle

452b26e

seanwevans added the codex label Apr 21, 2026 — with ChatGPT Codex Connector

seanwevans merged commit ce0b552 into main Apr 21, 2026
9 of 19 checks passed

seanwevans deleted the codex/update-snapshot-with-capability-mapping branch April 21, 2026 12:24

Provide feedback