-
Notifications
You must be signed in to change notification settings - Fork 7
[16] Per-tool container isolation #45
Copy link
Copy link
Open
Labels
area:infraInfrastructure and DockerInfrastructure and Dockerarea:securitySecurity controls and validationSecurity controls and validationeffort:XLExtra-large effort (> 4 weeks)Extra-large effort (> 4 weeks)priority:P0Critical — must be done firstCritical — must be done first
Milestone
Description
Metadata
Metadata
Assignees
Labels
area:infraInfrastructure and DockerInfrastructure and Dockerarea:securitySecurity controls and validationSecurity controls and validationeffort:XLExtra-large effort (> 4 weeks)Extra-large effort (> 4 weeks)priority:P0Critical — must be done firstCritical — must be done first
Problem
All tools run in the same container process, sharing filesystem, network, and privileges. A vulnerable tool or malicious output could compromise the entire Tengu environment.
Implementation Steps
Files to Modify
Dependencies
None (standalone)