Skip to content

fix(sandbox): restore GPU filesystem baseline #1522

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
elezar wants to merge 1 commit into
base: fix/1486-gpu-enrichment-no-network/elezar
Choose a base branch
from
+357 −105
Open

fix(sandbox): restore GPU filesystem baseline #1522

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions architecture/security-policy.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,15 @@ For the field-by-field YAML reference, use
Filesystem and process policy are startup-time controls. Network policy is
dynamic and can be hot-reloaded when the new policy validates successfully.

The sandbox supervisor also injects runtime baseline filesystem paths before
the child process starts. Proxy mode adds the standard read-only system paths
and writable work paths needed by the proxy and shell environment. GPU runtimes
add the NVIDIA or WSL2 device nodes exposed inside the sandbox and promote
`/proc` to read-write for default-like policies because CUDA initialization
writes `/proc/<pid>/task/<tid>/comm`. Custom policies that explicitly keep a
GPU-required path read-only fail at startup with an actionable diagnostic
instead of being silently widened.

## Network Decisions

Ordinary network traffic follows this order:
Expand Down
Loading
Loading