Skip to content

feat(vm): boot sandboxes from ext4 root disks#1263

Merged
drew merged 10 commits into
mainfrom
fix/vm-sandbox-workdir-image
May 15, 2026
Merged

feat(vm): boot sandboxes from ext4 root disks#1263
drew merged 10 commits into
mainfrom
fix/vm-sandbox-workdir-image

Conversation

@drew
Copy link
Copy Markdown
Collaborator

@drew drew commented May 8, 2026
edited
Loading

Summary

Boot VM sandboxes from per-sandbox ext4 root disk images instead of exposing a prepared host rootfs directory to the guest.

Related Issue

N/A

Changes

  • Cache prepared VM root filesystems as rootfs.ext4 images keyed by source image identity and rootfs layout version.
  • Copy the cached root disk per sandbox and launch libkrun/QEMU with that disk as the guest root filesystem.
  • Move guest environment and TLS injection into the ext4 image, keep guest /sandbox ownership inside guest filesystem metadata, and update VM docs/e2e notes.

Testing

  • mise run pre-commit passes
  • Unit tests added/updated
  • E2E tests added/updated (if applicable)
  • mise run e2e:vm passes

Checklist

  • Follows Conventional Commits
  • Commits are signed off (DCO)
  • Architecture docs updated (if applicable)

@drew drew requested review from a team, derekwaynecarr, maxamillion and mrunalp as code owners May 8, 2026 07:21
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 8, 2026

🌿 Preview your docs: https://nvidia-preview-pr-1263.docs.buildwithfern.com/openshell

@drew drew marked this pull request as draft May 8, 2026 07:29
@copy-pr-bot
Copy link
Copy Markdown

copy-pr-bot Bot commented May 8, 2026

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

@ericksoa ericksoa mentioned this pull request May 13, 2026
Merged
@drew drew force-pushed the fix/vm-sandbox-workdir-image branch from 8ea15a2 to 0115a38 Compare May 15, 2026 05:36
@copy-pr-bot
Copy link
Copy Markdown

copy-pr-bot Bot commented May 15, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@drew drew marked this pull request as ready for review May 15, 2026 17:04
TaylorMutch
TaylorMutch previously approved these changes May 15, 2026
View reviewed changes
@drew drew force-pushed the fix/vm-sandbox-workdir-image branch from 8674029 to 9de17f9 Compare May 15, 2026 19:25
@drew drew force-pushed the fix/vm-sandbox-workdir-image branch from 9de17f9 to 7d0c92d Compare May 15, 2026 20:12
@drew drew merged commit 910d3f0 into main May 15, 2026
29 checks passed
@drew drew deleted the fix/vm-sandbox-workdir-image branch May 15, 2026 20:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TaylorMutch TaylorMutch TaylorMutch left review comments

@mrunalp mrunalp Awaiting requested review from mrunalp mrunalp is a code owner

@maxamillion maxamillion Awaiting requested review from maxamillion maxamillion is a code owner

@derekwaynecarr derekwaynecarr Awaiting requested review from derekwaynecarr derekwaynecarr is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@drew @TaylorMutch