You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
OpenShell-Community sandbox images still create and depend on a named sandbox user and group. Once OpenShell Docker and Podman support driver-injected numeric identities, that baked account becomes unnecessary and prevents the images from conforming to the same arbitrary-numeric-identity contract as Kubernetes and VM workloads.
After a compatible OpenShell release is available, remove named sandbox account creation and named ownership assumptions from the Community base image and all derived sandbox images. Keep the privileged supervisor account where it is required by the image runtime.
For direct docker run behavior, retain a non-root default using numeric USER 10001:10001; OpenShell itself may override that default to start the supervisor as root and selects the actual agent identity at runtime. Set HOME=/sandbox explicitly and make only the intended mutable sandbox paths writable by arbitrary non-root numeric identities. Do not make bundled credentials, policy, or immutable toolchains broadly writable.
Add image conformance tests that verify no sandbox passwd/group entry or pre-existing UID/GID 10001, then run the image as a numeric UID/GID absent from the image and verify /sandbox writeability and common shell/Git/tool behavior. Test one representative Community image through each supported OpenShell driver before moving latest.
Publish a candidate tag first. Do not move the no-user image to latest until it passes against the released compatible OpenShell version, including the OpenShift SCC identity check where available.
Alternatives Considered
Remove only the final USER sandbox: rejected because chown sandbox:sandbox, copied ownership, startup scripts, and home-directory assumptions would remain.
Publish no-user Community images before Docker/Podman runtime support: rejected because userless BYOC images would fail on those drivers.
Retire the Community base image as part of this change: out of scope. The base provides OS packages, toolchains, agents, policy, skills, and shell setup beyond the named account; retirement needs a separate replacement decision.
Agent Investigation
The Community base and its derivatives contain named user/group creation, named chown operations, or final USER sandbox declarations.
A numeric Dockerfile USER is only the standalone image default. In OpenShell-managed Docker/Podman sandboxes, the privileged supervisor starts first and launches the agent under the driver-resolved numeric identity.
Problem Statement
OpenShell-Community sandbox images still create and depend on a named
sandboxuser and group. Once OpenShell Docker and Podman support driver-injected numeric identities, that baked account becomes unnecessary and prevents the images from conforming to the same arbitrary-numeric-identity contract as Kubernetes and VM workloads.This work depends on NVIDIA/OpenShell#2331 being released. It is part of the broader identity-removal tracking in NVIDIA/OpenShell#1959.
Proposed Design
After a compatible OpenShell release is available, remove named
sandboxaccount creation and named ownership assumptions from the Community base image and all derived sandbox images. Keep the privilegedsupervisoraccount where it is required by the image runtime.For direct
docker runbehavior, retain a non-root default using numericUSER 10001:10001; OpenShell itself may override that default to start the supervisor as root and selects the actual agent identity at runtime. SetHOME=/sandboxexplicitly and make only the intended mutable sandbox paths writable by arbitrary non-root numeric identities. Do not make bundled credentials, policy, or immutable toolchains broadly writable.Add image conformance tests that verify no
sandboxpasswd/group entry or pre-existing UID/GID10001, then run the image as a numeric UID/GID absent from the image and verify/sandboxwriteability and common shell/Git/tool behavior. Test one representative Community image through each supported OpenShell driver before movinglatest.Publish a candidate tag first. Do not move the no-user image to
latestuntil it passes against the released compatible OpenShell version, including the OpenShift SCC identity check where available.Alternatives Considered
USER sandbox: rejected becausechown sandbox:sandbox, copied ownership, startup scripts, and home-directory assumptions would remain.Agent Investigation
chownoperations, or finalUSER sandboxdeclarations.USERis only the standalone image default. In OpenShell-managed Docker/Podman sandboxes, the privileged supervisor starts first and launches the agent under the driver-resolved numeric identity.