-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathpolicy.yaml
More file actions
77 lines (68 loc) · 2 KB
/
Copy pathpolicy.yaml
File metadata and controls
77 lines (68 loc) · 2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
# SPDX-FileCopyrightText: Copyright (c) 2025-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
#
# Source: https://github.com/NVIDIA/OpenShell-Community/blob/8f7d0daaa8b1a0d0742ba2e17fb26686d2842dc7/sandboxes/base/policy.yaml
version: 1
# --- Sandbox setup configuration (queried once at startup) ---
filesystem_policy:
include_workdir: true
read_only:
- /usr
- /lib
- /proc
- /dev/urandom
- /app
- /etc
- /var/log
read_write:
- /sandbox
- /tmp
- /dev/null
landlock:
compatibility: best_effort
process:
run_as_user: sandbox
run_as_group: sandbox
# --- Network policies (queried per-CONNECT request) ---
#
# Each named policy maps a set of allowed (binary, endpoint) pairs.
# Binary identity is resolved via /proc/net/tcp inode lookup + /proc/{pid}/exe.
# Ancestors (/proc/{pid}/status PPid walk) and cmdline paths are also matched.
# SHA256 integrity is enforced in Rust via trust-on-first-use, not here.
network_policies:
github_ssh_over_https:
name: github-ssh-over-https
endpoints:
- host: github.com
port: 443
protocol: rest
tls: terminate
enforcement: enforce
rules:
# Git Smart HTTP read-only: allow clone, fetch, pull
# Discovery (query string is included in path matching)
- allow:
method: GET
path: "/**/info/refs*"
# Data transfer for reads (all repos)
- allow:
method: POST
path: "/**/git-upload-pack"
# Data transfer for writes
# - allow:
# method: POST
# path: "/**/git-receive-pack"
binaries:
- { path: /usr/bin/git }
# --- GitHub REST API (read-only) ---
github_rest_api:
name: github-rest-api
endpoints:
- host: api.github.com
port: 443
protocol: rest
tls: terminate
enforcement: enforce
access: read-only
binaries:
- { path: /usr/bin/gh }