Skip to content

feat: migrate sandbox images to runtime numeric identity #87

Description

@matthewgrossman

Problem Statement

OpenShell-Community sandbox images still create and depend on a named sandbox user and group. Once OpenShell Docker and Podman support driver-injected numeric identities, that baked account becomes unnecessary and prevents the images from conforming to the same arbitrary-numeric-identity contract as Kubernetes and VM workloads.

This work depends on NVIDIA/OpenShell#2331 being released. It is part of the broader identity-removal tracking in NVIDIA/OpenShell#1959.

Proposed Design

After a compatible OpenShell release is available, remove named sandbox account creation and named ownership assumptions from the Community base image and all derived sandbox images. Keep the privileged supervisor account where it is required by the image runtime.

For direct docker run behavior, retain a non-root default using numeric USER 10001:10001; OpenShell itself may override that default to start the supervisor as root and selects the actual agent identity at runtime. Set HOME=/sandbox explicitly and make only the intended mutable sandbox paths writable by arbitrary non-root numeric identities. Do not make bundled credentials, policy, or immutable toolchains broadly writable.

Add image conformance tests that verify no sandbox passwd/group entry or pre-existing UID/GID 10001, then run the image as a numeric UID/GID absent from the image and verify /sandbox writeability and common shell/Git/tool behavior. Test one representative Community image through each supported OpenShell driver before moving latest.

Publish a candidate tag first. Do not move the no-user image to latest until it passes against the released compatible OpenShell version, including the OpenShift SCC identity check where available.

Alternatives Considered

  • Remove only the final USER sandbox: rejected because chown sandbox:sandbox, copied ownership, startup scripts, and home-directory assumptions would remain.
  • Publish no-user Community images before Docker/Podman runtime support: rejected because userless BYOC images would fail on those drivers.
  • Retire the Community base image as part of this change: out of scope. The base provides OS packages, toolchains, agents, policy, skills, and shell setup beyond the named account; retirement needs a separate replacement decision.

Agent Investigation

  • The Community base and its derivatives contain named user/group creation, named chown operations, or final USER sandbox declarations.
  • A numeric Dockerfile USER is only the standalone image default. In OpenShell-managed Docker/Podman sandboxes, the privileged supervisor starts first and launches the agent under the driver-resolved numeric identity.
  • This issue is intentionally downstream of feat: complete Docker and Podman runtime identity injection OpenShell#2331 and should not be implemented or published before that issue’s runtime support is released.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions