Spaces:
Sleeping
Sleeping
File size: 1,807 Bytes
0dd7c80 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 | """Resource caps and container security options for the sandbox.
Centralised here so every reward evaluation uses the same limits and there's
one place to audit/change them.
"""
from __future__ import annotations
from typing import Any
# Defaults — can be overridden per call at the runner API.
DEFAULT_TIMEOUT_S: float = 5.0
DEFAULT_MEM_MB: int = 256
# Grace period beyond timeout_s before forcibly killing the container.
WAIT_BUFFER_S: float = 2.0
# Report is written to the bind-mounted /work (not tmpfs /tmp), so it
# survives container exit and can be read from the host side directly.
REPORT_FILENAME: str = "report.json"
REPORT_PATH_IN_CONTAINER: str = f"/work/{REPORT_FILENAME}"
# Image tag. Build with `make build-sandbox`.
SANDBOX_IMAGE: str = "vrl-sandbox:latest"
def container_kwargs(mem_mb: int) -> dict[str, Any]:
"""Docker SDK kwargs that harden the container against untrusted code.
Any change here affects the entire RL reward signal — audit carefully.
"""
return {
# --- isolation ---
"network_mode": "none",
"read_only": True,
"cap_drop": ["ALL"],
"security_opt": ["no-new-privileges"],
# --- resource caps ---
"mem_limit": f"{mem_mb}m",
"memswap_limit": f"{mem_mb}m", # no swap escape
"nano_cpus": 1_000_000_000, # 1 CPU
"pids_limit": 64,
# Writable tmpfs for /tmp (scratch only — tmpfs is destroyed on exit).
"tmpfs": {"/tmp": "rw,size=64m,mode=1777,nosuid,nodev"},
# Disable .pyc writes. The container runs as UID 1000, but on Linux
# CI the host runs as a different UID, so pycache files written to
# the bind-mounted /work would be un-deletable by the host cleanup.
"environment": {"PYTHONDONTWRITEBYTECODE": "1"},
}
|