Skip to content

fix: sandbox permissions #853

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ericcurtin merged 2 commits into from
Apr 13, 2026
Merged

fix: sandbox permissions #853

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f40e59e
fix: sandbox permissions
ilopezluna Apr 10, 2026
bb6ad7c
fix: validate environment variable format before backend execution
ilopezluna Apr 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions pkg/inference/backends/runner.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,10 @@ type RunnerConfig struct {
// ErrorTransformer is an optional function to transform error output
// into a more user-friendly message. If nil, the raw output is used.
ErrorTransformer ErrorTransformer
// Env is an optional list of extra environment variables for the backend
// process, each in "KEY=VALUE" form. These are appended to the current
// process environment. If nil, the backend inherits the parent env as-is.
Env []string
}

// Logger interface for backend logging
Expand Down Expand Up @@ -88,6 +92,9 @@ func RunBackend(ctx context.Context, config RunnerConfig) error {
}
command.Stdout = config.ServerLogWriter
command.Stderr = out
if len(config.Env) > 0 {
command.Env = append(os.Environ(), config.Env...)
Comment thread
ilopezluna marked this conversation as resolved.
}
},
config.SandboxPath,
config.BinaryPath,
Expand Down
1 change: 1 addition & 0 deletions pkg/inference/backends/vllm/vllm_metal.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -222,6 +222,7 @@ func (v *vllmMetal) Run(ctx context.Context, socket, model string, modelRef stri
Args: args,
Logger: v.log,
ServerLogWriter: logging.NewWriter(v.serverLog),
Env: []string{"VLLM_HOST_IP=127.0.0.1"},
})
}

Expand Down
12 changes: 8 additions & 4 deletions pkg/sandbox/sandbox_darwin.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,10 +29,10 @@ const ConfigurationPython = `(version 1)
;;; Also allow Unix domain socket binding in the system temp directory
;;; (/private/var/folders) which vllm-metal uses for internal ZMQ IPC sockets.
(deny network*)
(allow network-bind network-inbound
(allow network-bind network-inbound network-outbound
(regex #"inference.*-[0-9]+\.sock$")
(local tcp "localhost:*"))
(allow network-bind
(allow network-bind network-inbound network-outbound
(regex #"^/private/var/folders/"))

;;; Deny access to the camera and microphone.
Expand Down Expand Up @@ -76,12 +76,16 @@ const ConfigurationPython = `(version 1)
(allow file-write*
(literal "/dev/null")
(subpath "/private/var")
(subpath "/private/tmp")
(subpath "[HOMEDIR]/Library/Containers/com.docker.docker/Data")
(subpath "[WORKDIR]"))
(subpath "[WORKDIR]")
(subpath "[HOMEDIR]/.cache/vllm"))
(allow file-read*
(subpath "[HOMEDIR]/.docker/models")
(subpath "[HOMEDIR]/Library/Containers/com.docker.docker/Data")
(subpath "[WORKDIR]"))
(subpath "[WORKDIR]")
(subpath "[HOMEDIR]/.cache/vllm")
(subpath "/private/tmp"))
`

// ConfigurationLlamaCpp is the sandbox configuration for llama.cpp processes.
Expand Down
Loading