architecture/sandbox.md
10 lines changed: 10 additions & 0 deletions
@@ -460,6 +460,16 @@ Kernel-level error behavior (e.g., Landlock ABI unavailable) depends on `Landloc
460
460
461
461
**Baseline path filtering**: System-injected baseline paths (e.g., `/app`) are pre-filtered by `enrich_proto_baseline_paths()` / `enrich_sandbox_baseline_paths()` using `Path::exists()` before they reach Landlock. If a baseline `read_write` path is already present in `read_only`, enrichment skips the promotion so explicit policy intent is preserved. User-specified paths are not pre-filtered -- they are evaluated at Landlock apply time so misconfigurations surface as warnings or errors.
462
462
463
+
**GPU baseline paths**: The supervisor currently infers GPU baseline paths from
464
+
device nodes and NVIDIA runtime paths visible inside the sandbox container. The
465
+
Docker compute driver can request CDI GPU injection, but this implementation
466
+
does not pass CDI metadata into the supervisor. Future device-specific CDI
467
+
selection may need follow-up work so the supervisor can enrich Landlock using
468
+
the requested CDI device's actual device nodes and mounted library paths. That
469
+
design must work for remote Docker daemons, where Docker-reported CDI spec
470
+
directories are paths on the daemon host and may not be readable by the gateway
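Review bot: The new "GPU baseline paths" paragraph does not say whether the GPU paths the supervisor infers from device nodes and NVIDIA runtime paths go through the same `enrich_proto_baseline_paths()` / `enrich_sandbox_baseline_paths()` `Path::exists()` pre-filter described in the preceding "Baseline path filtering" paragraph, or whether they are handed to Landlock unfiltered like user-specified paths; one sentence settling that would tell a reader which failure mode (silent skip vs. warning/error at apply time) a missing GPU device node produces. The limitation that "this implementation does not pass CDI metadata into the supervisor" is stated only as "may need follow-up work"; consider naming the concrete consequence for an operator today (which device nodes or library paths a CDI-injected GPU could have that the supervisor will not enrich Landlock with) and pointing at a tracking issue so the gap is not lost in prose.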
"docker compute driver does not support gpu sandboxes",
266
+
"docker GPU sandboxes require Docker CDI support. Enable CDI on the Docker daemon, then restart the OpenShell gateway/server so GPU capability is detected.",
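Review bot: The replacement error text tells the operator to "Enable CDI on the Docker daemon, then restart the OpenShell gateway/server so GPU capability is detected", but the documentation hunk above notes that for remote Docker daemons the Docker-reported CDI spec directories live on the daemon host and may not be readable by the gateway; in that setup the advice may not resolve the error, so consider adding a clause covering the remote-daemon case or pointing at the sandbox architecture doc. This hunk also lacks its file header in the rendered diff, so it is not clear which source file and function emit this string; worth confirming the old message is actually removed rather than left as a second, now-contradictory error path.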