Goal
Set up a capture-the-flag challenge where colleagues attempt to break out of the code sandbox. The sandbox has already been hardened (10 escape vectors were found and fixed during the pentest), but we want adversarial testing from fresh eyes.
Design Needed
- Flag placement: Bake a flag file into the container image at a Landlock-readable path (e.g., /opt/app-root/flag.txt). Participants must read it through the sandbox API.
- Deployment: Standalone sandbox instance with a simple UI for submitting code. Could use the ecosystem-test stack (ui → gateway → agent → sandbox) or a minimal direct-to-sandbox frontend.
- Rules: What counts as a valid capture (must show the flag contents), what's out of bounds (no attacking the cluster itself), time limit, scoring.
- Participant onboarding: How colleagues access it, what they're told about the architecture, hint tiers.
- Issue tracking: Participants file escape vectors via the issue template at fips-agents/code-sandbox.
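The rules bullets above (a valid capture must show the flag contents, a time limit, scoring, hint tiers) can be enforced by a small organizer-side scoreboard. This is an added example, not code from the code-sandbox project; the `CTF{...}` flag format, the point values and the hint penalty are assumptions, and the scoreboard stores only a digest of the flag rather than its plaintext.

```python
import hashlib
import hmac
import re
import time
from dataclasses import dataclass, field

# Assumed flag format; the organizer bakes a flag of this shape into the image
# at /opt/app-root/flag.txt and derives the digest from that file.
FLAG_RE = re.compile(r"CTF\{[A-Za-z0-9_\-]{8,64}\}")


def load_flag_digest(flag_text: str) -> str:
    """Keep only a SHA-256 digest so the scoreboard never holds the flag in plaintext."""
    return hashlib.sha256(flag_text.strip().encode()).hexdigest()


def extract_flag(submission: str):
    """A capture is only valid if the submission actually shows flag contents."""
    m = FLAG_RE.search(submission)
    return m.group(0) if m else None


@dataclass
class Scoreboard:
    flag_digest: str
    start: float            # epoch seconds when the CTF opened
    duration_s: float       # time limit from the rules
    base_points: int = 100  # assumed scoring values
    hint_penalty: int = 20  # deducted per hint tier consumed
    captures: dict = field(default_factory=dict)

    def submit(self, participant: str, submission: str, hints_used: int = 0, now=None):
        now = time.time() if now is None else now
        if now > self.start + self.duration_s:
            return (False, "time limit exceeded")
        if participant in self.captures:
            return (False, "already captured")
        flag = extract_flag(submission)
        if flag is None:
            return (False, "no flag-shaped string in submission")
        digest = hashlib.sha256(flag.encode()).hexdigest()
        # Constant-time comparison so the scoreboard itself is not a timing oracle.
        if not hmac.compare_digest(digest, self.flag_digest):
            return (False, "flag mismatch")
        points = max(self.base_points - hints_used * self.hint_penalty, 10)
        self.captures[participant] = {"points": points, "elapsed_s": now - self.start,
                                      "hints": hints_used}
        return (True, f"captured for {points} points")
```

Each valid capture should still be paired with an issue filed through the template, since the scoreboard records only that the flag was shown, not how the sandbox was escaped.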
Context
- Pentest report: docs/pentest-report.md
- 6 defense layers: AST guardrails, runtime import deny, subprocess isolation, Landlock LSM, seccomp, NetworkPolicy
- The hardened sandbox is deployed and verified on fips-rhoai
- Issue templates and labels already set up for CTF submissions
References
- ecosystem-test namespace on fips-rhoai