diff --git a/.github/aw/actions-lock.json b/.github/aw/actions-lock.json
index 3a943b2f1c..189d80ee30 100644
--- a/.github/aw/actions-lock.json
+++ b/.github/aw/actions-lock.json
@@ -47,8 +47,8 @@
 },
 "actions/github-script@v7.0.1": {
 "repo": "actions/github-script",
- "version": "v7.1.0",
- "sha": "f28e40c7f34bde8b3046d885e986cb6290c5673b"
+ "version": "v7.0.1",
+ "sha": "60a0d83039c74a4aee543508d2ffcb1c3799cdea"
 },
 "actions/github-script@v8.0.0": {
 "repo": "actions/github-script",
diff --git a/docs/src/content/docs/reference/frontmatter-full.md b/docs/src/content/docs/reference/frontmatter-full.md
index eadfba3baa..8a5cad4221 100644
--- a/docs/src/content/docs/reference/frontmatter-full.md
+++ b/docs/src/content/docs/reference/frontmatter-full.md
@@ -868,8 +868,8 @@ sandbox:
 # (optional)
 type: "awf"
- # Custom command to replace the default AWF or SRT installation. For AWF: 'docker
- # run my-custom-awf-image'. For SRT: 'docker run my-custom-srt-wrapper'
+ # Custom command to replace the default AWF or SRT installation. For AWF:
+ # '/usr/local/bin/custom-awf-wrapper'. For SRT: '/usr/local/bin/custom-srt-wrapper'
 # (optional)
 command: "example-value"
@@ -886,7 +886,8 @@ sandbox:
 # Container mounts to add when using AWF. Each mount is specified using Docker
 # mount syntax: 'source:destination:mode' where mode can be 'ro' (read-only) or
- # 'rw' (read-write). Example: '/host/path:/container/path:ro'
+ # 'rw' (read-write). Example: '/host/path:/container/path:ro'. Docker socket
+ # mounts such as '/var/run/docker.sock' are not supported.
 # (optional)
 mounts: [] # Array of Mount specification in format 'source:destination:mode'
@@ -917,7 +918,7 @@ sandbox:
 ignoreViolations: {}
- # Enable weaker nested sandbox mode (recommended: true for Docker access)
+ # Enable weaker nested sandbox mode (use only when required)
 # (optional)
 enableWeakerNestedSandbox: true
diff --git a/docs/src/content/docs/reference/sandbox.md b/docs/src/content/docs/reference/sandbox.md
index fa3fb23d14..96562d2a1d 100644
--- a/docs/src/content/docs/reference/sandbox.md
+++ b/docs/src/content/docs/reference/sandbox.md
@@ -92,6 +92,13 @@ AWF automatically mounts several paths from the host into the container to enabl
 These default mounts ensure the agent has access to essential tools and the repository files. Custom mounts specified via `sandbox.agent.mounts` are added alongside these defaults.
+> [!WARNING]
+> Docker socket access is not supported for security
+> reasons. The agent firewall does not mount
+> `/var/run/docker.sock`, and custom mounts cannot add
+> it, preventing agents from spawning Docker
+> containers.
+
 #### Custom AWF Configuration
 Use custom commands, arguments, and environment variables to replace the standard AWF installation with a custom setup:
@@ -100,7 +107,7 @@ Use custom commands, arguments, and environment variables to replace the standar
 sandbox:
 agent:
 id: awf
- command: "docker run --rm my-custom-awf-image"
+ command: "/usr/local/bin/custom-awf-wrapper"
 args:
 - "--custom-logging"
 - "--debug-mode"
@@ -178,7 +185,7 @@ network:
 | `filesystem.denyRead` | `string[]` | Paths denied for read access |
 | `filesystem.denyWrite` | `string[]` | Paths denied for write access |
 | `ignoreViolations` | `object` | Map of command patterns to paths that should ignore violations |
-| `enableWeakerNestedSandbox` | `boolean` | Enable weaker nested sandbox mode (recommended for Docker access) |
+| `enableWeakerNestedSandbox` | `boolean` | Enable weaker nested sandbox mode (use only when required) |
 > [!NOTE]
 > Network Configuration
@@ -267,11 +274,11 @@ features:
 sandbox:
 mcp:
 container: "ghcr.io/githubnext/gh-aw-mcpg:latest"
- args: ["--rm", "-i", "-v", "/var/run/docker.sock:/var/run/docker.sock"]
+ args: ["--rm", "-i"]
 entrypointArgs: ["--routed", "--listen", "0.0.0.0:8000", "--config-stdin"]
 port: 8000
 env:
- DOCKER_API_VERSION: "1.44"
+ LOG_LEVEL: "info"
 ```
 ## Legacy Format