name: "LLM sandbox"
description: "Sandboxed LLM Env."
description: "No network access and a limited access to local host resources."

# Run once then exit
mode: ONCE

# No time limit
time_limit: 0

# Limits memory usage
rlimit_as_type: SOFT
# Maximum size of core dump files
rlimit_core_type: SOFT
# Limits use of CPU time
rlimit_cpu_type: SOFT
# Maximum file size
rlimit_fsize_type: SOFT
# Maximum number of file descriptors opened
rlimit_nofile_type: SOFT
# Maximum stack size
rlimit_stack_type: SOFT
# Maximum number of threads
rlimit_nproc_type: SOFT

# Allow terminal control
# This let's users cancel jobs with CTRL-C
# without exiting the jail
skip_setsid: true

silent: false
stderr_to_null: false

# Below are all the host paths that shall be mounted
# to the sandbox

# Mount proc as read/write.
mount {
  dst: "/proc"
  fstype: "proc"
  rw: true
}

# The sandbox User ID was chosen arbitrarily
uidmap {
  inside_id: "999999"
  outside_id: ""
  count: 1
}

# The sandbox Group ID was chosen arbitrarily
gidmap {
  inside_id: "65534"
  outside_id: ""
  count: 1
}

keep_env: true

mount {
  dst: "/tmp"
  fstype: "tmpfs"
  rw: true
  is_bind: false
}

# Some tools need /dev/shm to created a named semaphore. Use a new tmpfs to
# limit access to the external environment.
mount {
  dst: "/dev/shm"
  fstype: "tmpfs"
  rw: true
  is_bind: false
}

# Map the working User ID to a username
# Some tools like Java need a valid username
mount {
  src_content: "nobody:x:999999:65534:nobody:/tmp:/bin/bash"
  dst: "/etc/passwd"
  mandatory: false
}

# Define default group
mount {
  src_content: "nogroup::65534:nogroup"
  dst: "/etc/group"
  mandatory: false
}

# Empty mtab file needed for some build scripts that check for images being mounted
mount {
  src_content: "\n"
  dst: "/etc/mtab"
  mandatory: false
}

mount {
  src: "/dev/null"
  dst: "/dev/null"
  rw: true
  is_bind: true
}

mount {
  src: "/proc/self/fd"
  dst: "/dev/fd"
  is_symlink: true
  mandatory: false
}

# /dev/urandom used during the creation of system.img
mount {
  src: "/dev/urandom"
  dst: "/dev/urandom"
  rw: true
  is_bind: true
}

# /dev/random used by test scripts
mount {
  src: "/dev/random"
  dst: "/dev/random"
  rw: true
  is_bind: true
}

# /dev/zero is required to make vendor-qemu.img
mount {
  src: "/dev/zero"
  dst: "/dev/zero"
  is_bind: true
}

mount {
  src: "/usr/local/bin/llava"
  dst: "llava"
  is_bind: true
}