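# nsjail configuration (protobuf text format) for running an LLM binary in a
# jail. Lines marked NOTE(review) are settings a maintainer should confirm.
name: "LLM sandbox"
description: "Sandboxed LLM Env."
description: "No network access and a limited access to local host resources."
# NOTE(review): nothing shown here configures networking, so the "no network
# access" claim rests on nsjail's default of a new network namespace
# (clone_newnet) and on the launcher not overriding it - verify.

# Run once then exit
mode: ONCE

# No wall-clock time limit: nsjail itself never kills a runaway job.
time_limit: 0

# Resource limits. SOFT makes nsjail reuse the launching process's current
# soft limit for each resource; it does not impose a tighter cap of its own.
# If the workload must be bounded, set the limits in the launcher.

# Address space (memory)
rlimit_as_type: SOFT

# Maximum size of core dump files
rlimit_core_type: SOFT

# CPU time
rlimit_cpu_type: SOFT

# Maximum file size
rlimit_fsize_type: SOFT

# Maximum number of open file descriptors
rlimit_nofile_type: SOFT

# Maximum stack size
rlimit_stack_type: SOFT

# Maximum number of threads
rlimit_nproc_type: SOFT

# Allow terminal control.
# This lets users cancel jobs with CTRL-C without exiting the jail.
# NOTE(review): with setsid() skipped, the jailed process stays in the
# caller's session and shares its controlling terminal, which weakens
# isolation. Keep this only for interactive runs by a trusted operator;
# drop it for unattended or untrusted workloads.
skip_setsid: true

# Leave the jailed process's standard streams attached (nothing is redirected
# to /dev/null), so its output and errors stay visible to the caller.
silent: false
stderr_to_null: false

# Below are all the host paths that shall be mounted to the sandbox.

# Mount proc as read/write.
# NOTE(review): read-write /proc is broader than most workloads need; confirm
# whether a read-only mount is sufficient.
mount {
  dst: "/proc"
  fstype: "proc"
  rw: true
}

# The sandbox User ID was chosen arbitrarily.
# The empty outside_id presumably maps to the invoking user - confirm.
uidmap {
  inside_id: "999999"
  outside_id: ""
  count: 1
}

# The sandbox Group ID was chosen arbitrarily.
gidmap {
  inside_id: "65534"
  outside_id: ""
  count: 1
}

# NOTE(review): the caller's whole environment is passed into the jail. Any
# API tokens, cloud credentials or proxy settings exported in the launching
# shell become readable by the sandboxed process. Prefer a scrubbed
# environment in the launcher if the workload is not fully trusted.
keep_env: true

# Private scratch space; not backed by the host's /tmp.
mount {
  dst: "/tmp"
  fstype: "tmpfs"
  rw: true
  is_bind: false
}

# Some tools need /dev/shm to create a named semaphore. Use a new tmpfs to
# limit access to the external environment.
mount {
  dst: "/dev/shm"
  fstype: "tmpfs"
  rw: true
  is_bind: false
}

# Map the working User ID to a username.
# Some tools like Java need a valid username.
mount {
  src_content: "nobody:x:999999:65534:nobody:/tmp:/bin/bash"
  dst: "/etc/passwd"
  mandatory: false
}

# Define default group.
mount {
  src_content: "nogroup::65534:nogroup"
  dst: "/etc/group"
  mandatory: false
}

# Empty mtab file needed for some build scripts that check for images being
# mounted.
# NOTE(review): this and the image-related comments below look inherited from
# a build sandbox; confirm each mount is still needed for the LLM workload.
mount {
  src_content: "\n"
  dst: "/etc/mtab"
  mandatory: false
}

mount {
  src: "/dev/null"
  dst: "/dev/null"
  rw: true
  is_bind: true
}

mount {
  src: "/proc/self/fd"
  dst: "/dev/fd"
  is_symlink: true
  mandatory: false
}

# /dev/urandom used during the creation of system.img
# NOTE(review): consumers normally only read this device; confirm rw is needed.
mount {
  src: "/dev/urandom"
  dst: "/dev/urandom"
  rw: true
  is_bind: true
}

# /dev/random used by test scripts
mount {
  src: "/dev/random"
  dst: "/dev/random"
  rw: true
  is_bind: true
}

# /dev/zero is required to make vendor-qemu.img
mount {
  src: "/dev/zero"
  dst: "/dev/zero"
  is_bind: true
}

# The LLM binary itself. No rw flag is set, so the bind stays read-only and
# the jailed process cannot modify the host copy. The destination is written
# as an absolute path, consistent with every other mount in this file.
mount {
  src: "/usr/local/bin/llava"
  dst: "/llava"
  is_bind: true
}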