diff --git a/crates/terminal/src/sandbox_exec.rs b/crates/terminal/src/sandbox_exec.rs index 40215702de7cb5e6dfba15abe522cd6f08ed3bfd..ba9b94cf6bb2833bd0be8e327418deda44a7866b 100644 --- a/crates/terminal/src/sandbox_exec.rs +++ b/crates/terminal/src/sandbox_exec.rs @@ -139,7 +139,8 @@ pub fn sandbox_exec_main(config_json: &str, shell_args: &[String]) -> ! { std::process::exit(1); } - let sandbox_config = config.to_sandbox_config(); + let mut sandbox_config = config.to_sandbox_config(); + sandbox_config.canonicalize_paths(); // Step 1: Filter environment variables. // Keep only allowed vars + a few Zed-specific ones. diff --git a/crates/terminal/src/terminal_settings.rs b/crates/terminal/src/terminal_settings.rs index 080cb529f6d5962cb2acbdbba66e1d175807ed2b..63089deb9065358b1b26eb9beee06343a7578e24 100644 --- a/crates/terminal/src/terminal_settings.rs +++ b/crates/terminal/src/terminal_settings.rs @@ -403,4 +403,33 @@ impl SandboxConfig { .unwrap_or_else(Self::default_allowed_env_vars), } } + + pub fn canonicalize_paths(&mut self) { + match std::fs::canonicalize(&self.project_dir) { + Ok(canonical) => self.project_dir = canonical, + Err(err) => log::warn!( + "Failed to canonicalize project dir {:?}: {}", + self.project_dir, + err + ), + } + canonicalize_path_list(&mut self.system_paths.executable); + canonicalize_path_list(&mut self.system_paths.read_only); + canonicalize_path_list(&mut self.system_paths.read_write); + canonicalize_path_list(&mut self.additional_executable_paths); + canonicalize_path_list(&mut self.additional_read_only_paths); + canonicalize_path_list(&mut self.additional_read_write_paths); + } +} + +fn try_canonicalize(path: &mut PathBuf) { + if let Ok(canonical) = std::fs::canonicalize(&*path) { + *path = canonical; + } +} + +fn canonicalize_path_list(paths: &mut Vec) { + for path in paths.iter_mut() { + try_canonicalize(path); + } }