fix(vm): correct /sandbox ownership when rootfs is built by non-root host#1176

Open
benoitf wants to merge 1 commit into NVIDIA:main from benoitf:fix/vm-sandbox-home-ownership

Conversation

@benoitf
Contributor

@benoitf benoitf commented May 5, 2026

Summary

Fix /sandbox home directory ownership in VM sandboxes when the host CLI runs as a non-root user (e.g. macOS UID 501). The sandbox user could not create files or directories in its own home because OCI layer extraction preserves the host user's UID instead of the in-guest sandbox user's UID.

Related Issue

related to #957

Changes

  • Add a conditional chown -R block to the VM init script (openshell-vm-sandbox-init.sh) that runs before the supervisor starts
  • The block compares the current owner of /sandbox against the sandbox user's UID (resolved via id -u sandbox) and only runs chown when there is a mismatch
  • No-op on systems where tar extraction already preserves correct ownership (e.g. Linux-as-root)

Testing

  • mise run pre-commit passes
  • Unit tests added/updated
  • E2E tests added/updated (if applicable)

Manual verification

# Clear the rootfs cache so the updated init script is embedded
rm -rf target/openshell-vm-driver/images

# Rebuild
OPENSHELL_VM_RUNTIME_COMPRESSED_DIR=$PWD/target/vm-runtime-compressed cargo build

# Create a sandbox and verify
./target/debug/openshell sandbox create --from base
# Inside sandbox:
id                    # uid=998(sandbox)
ls -la ~              # should show sandbox:sandbox ownership
mkdir ~/hello         # should succeed
touch ~/testfile      # should succeed

Without the patch I got:

$ openshell  sandbox create --from base
  Created sandbox: perennial-pika

  sandbox@openshell-sandbox-vm:~$ id
  uid=998(sandbox) gid=998(sandbox) groups=998(sandbox)

  sandbox@openshell-sandbox-vm:~$ mkdir hello
  mkdir: cannot create directory 'hello': Permission denied

  sandbox@openshell-sandbox-vm:~$ ls -la
  total 8
  drwxr-xr-x 3 501 dialout  96 May  5 18:42 .agents
  -rw-r--r-- 1 501 dialout 174 Apr  3 23:12 .bashrc
  drwxr-xr-x 3 501 dialout  96 May  5 18:42 .claude
  -rw-r--r-- 1 501 dialout  32 Apr  3 23:12 .profile
  drwxr-xr-x 3 501 dialout  96 May  5 18:42 .uv
  drwxr-xr-x 9 501 dialout 288 May  5 18:42 .venv

  (501 is the user id on my mac)

Checklist

  • Follows Conventional Commits
  • Commits are signed off (DCO)
  • Architecture docs updated (if applicable)

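The mismatch check the PR describes (compare the owner of the home directory against `id -u sandbox`, chown -R only on mismatch), as an added POSIX sh example that is not the PR's own init-script code; the function names are mine, and it assumes GNU/busybox `stat -c %u` as found in a Linux guest:

```shell
#!/bin/sh
# Added example, not code from openshell-vm-sandbox-init.sh.
# Assumes `stat -c %u` (GNU coreutils / busybox) and `id -u`.

# Print the numeric UID owning the top-level entry at PATH.
owner_uid() {
    stat -c %u "$1"
}

# Return 0 (true) when DIR is not owned by USER, 1 when ownership already
# matches or when either the user or the directory cannot be resolved.
home_needs_chown() {
    dir=$1
    user=$2
    want=$(id -u "$user" 2>/dev/null) || return 1   # unknown user: nothing to do
    have=$(owner_uid "$dir" 2>/dev/null) || return 1 # missing dir: nothing to do
    [ "$have" != "$want" ]
}

# Recursively chown DIR to USER:USER only when the top-level owner mismatches,
# so hosts where layer extraction already preserved ownership are a no-op.
# Prints "chowned" or "noop" so callers can see which path was taken.
fix_home_ownership() {
    dir=$1
    user=$2
    if home_needs_chown "$dir" "$user"; then
        chown -R "$user:$user" "$dir"
        echo "chowned"
    else
        echo "noop"
    fi
}

# Usage in an init script would be: fix_home_ownership /sandbox sandbox
```

On a directory already owned by the sandbox user the function prints "noop" and never touches the tree, which is the Linux-as-root case from the PR description.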
…host

When the VM driver extracts OCI image layers on a non-root host (e.g.
macOS UID 501), fs::copy and tar::unpack create files owned by the host
user. The sandbox user inside the VM then cannot write to its own home
directory.

Add a conditional chown in the VM init script that detects the mismatch
and fixes ownership before the supervisor starts. The check is skipped
when ownership is already correct (e.g. Linux-as-root extraction).

Signed-off-by: Florent Benoit <fbenoit@redhat.com>
@benoitf benoitf requested review from a team, derekwaynecarr, maxamillion and mrunalp as code owners May 5, 2026 19:05
@copy-pr-bot

copy-pr-bot Bot commented May 5, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.
