fix: Move SANDBOX_SYSTEM_DIR to /var/tmp for non-root image compatibility

What does this MR do and why?

Changes from to so that the setup command succeeds on hardened images that run as a non-root UID.

Problem: is root-owned. When the Rails service emits as a setup command, it fails on non-root images:

$ mkdir -p /opt/.gitlab-sandbox
mkdir: cannot create directory '/opt/.gitlab-sandbox': Permission denied

This affects the hardened DAP executor image () which runs as UID 1001 (). The workaround was to pre-create the directory at image build time (see default-docker-image!17), but that requires every image variant to know about this path.

Solution: Use instead. is world-writable (sticky bit, mode ), so any user — root or non-root — can create subdirectories there without elevated privileges. The runtime then succeeds on all image variants without requiring build-time pre-creation.

Security model is unchanged:

  • The SRT sandbox's rule still explicitly prevents the agent from writing to
  • Additionally, is not in the SRT list (), providing defense in depth — the agent cannot write to at all without an explicit entry

References

Screenshots or screen recordings

N/A — backend-only change.

Before: Fails on non-root images ()
After: Works on all images (world-writable )

How to set up and validate locally

  1. Check out this branch
  2. Create an agent config file (or simply replace the default image locally)
# .gitlab/duo/agent-config.yml
image: registry.gitlab.com/gitlab-org/duo-workflow/default-docker-image/workflow-generic-image-hardened:v0.0.7

or

diff --git a/ee/app/services/ai/duo_workflows/start_workflow_service.rb b/ee/app/services/ai/duo_workflows/start_workflow_service.rb
index 65be3aa195df..e98903eec6ef 100644
--- a/ee/app/services/ai/duo_workflows/start_workflow_service.rb
+++ b/ee/app/services/ai/duo_workflows/start_workflow_service.rb
@@ -3,7 +3,7 @@
 module Ai
   module DuoWorkflows
     class StartWorkflowService
-      IMAGE_PATH = "gitlab-org/duo-workflow/default-docker-image/workflow-generic-image:v0.0.6"
+      IMAGE_PATH = "gitlab-org/duo-workflow/default-docker-image/workflow-generic-image-hardened:v0.0.7"
       DUO_CLI_VERSION = "8.86.0"
       DWS_STANDARD_CONTEXT_CATEGORY = "agent_platform_standard_context"
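
Review bot: the replacement IMAGE_PATH line changes two things at once, the image variant (workflow-generic-image to workflow-generic-image-hardened) and the tag (v0.0.6 to v0.0.7), so a passing job does not on its own separate the non-root behaviour from whatever else differs between the two tags. If a non-hardened image exists at the same tag, comparing against that would isolate the variable. This constant swap is also a local validation aid and should stay out of the committed change. Both values are mutable tags, so pinning by digest would make the validation reproducible.
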
  3. Start a Duo Developer flow on a work item using the UI button
  4. Confirm that the job doesn't fail
  5. (Optional) Check out the master branch and repeat the steps, to confirm the original bug

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Andras Herczeg
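
The "Solution" paragraph above relies on a world-writable, sticky-bit directory so that any UID can create a subdirectory. The sketch below is an added example, not code from this MR or from GitLab: it checks that a base directory really has that mode and creates a private subdirectory in it, refusing a pre-existing path that is a symlink or owned by another user. The function names and the `.sandbox-demo` name are assumptions, and a constructed temporary directory stands in for the real base path.

```shell
#!/bin/sh
# Added example; function names and the demo directory name are hypothetical.

# Return 0 if $1 is a directory whose mode is world-writable with the
# sticky bit set (ls shows it as d??????rwt / d??????-wT style).
is_sticky_world_writable() {
    [ -d "$1" ] || return 1
    # "$1/." resolves a symlinked base to the directory it points at.
    case "$(ls -ld "$1/.")" in
        d???????w[tT]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Create $1/$2 with mode 0700.
# Returns 0 on success, 1 if an unsafe path already exists (or creation
# failed), 2 if the base is not a sticky world-writable directory.
make_private_subdir() {
    base=$1
    name=$2
    is_sticky_world_writable "$base" || return 2
    dir=$base/$name

    # Plain mkdir (no -p) fails when the name already exists, so a
    # success here means this process created the directory itself.
    if mkdir -m 700 "$dir" 2>/dev/null; then
        return 0
    fi

    # The name was already taken. In a directory every user can write
    # to, accept it only if it is a real directory owned by this user.
    [ ! -L "$dir" ] && [ -d "$dir" ] && [ -O "$dir" ] || return 1
    chmod 700 "$dir"
}

# Demo on a constructed stand-in for the world-writable base directory.
demo_base=$(mktemp -d) && chmod 1777 "$demo_base"
make_private_subdir "$demo_base" .sandbox-demo && ls -ld "$demo_base/.sandbox-demo"
rm -rf "$demo_base"
```

The sticky bit stops other users from deleting or renaming the subdirectory once it exists, but it does not stop them from creating the same name first, which is why the ownership and symlink checks run on the fallback path.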
