hermes-agent/tools/environments
angelos c933880b7e
fix(docker): gate resource limit flags on cgroup controller availability
On hosts where the cgroup v2 cpu/memory/pids controllers are not delegated
to the docker/podman process (unprivileged Proxmox LXCs, some rootless and
nested setups), --pids-limit/--cpus/--memory cause every container start to
fail with OCI runtime error / exit 126, breaking terminal + execute_code.

- Add _cgroup_limits_available(image): one-shot, host-wide cached probe that
  spawns a throwaway container from the sandbox image itself (sleep 0) with
  all three flags together, mirroring the existing _storage_opt_supported
  probe-and-degrade pattern.
- Remove --pids-limit from static _BASE_SECURITY_ARGS; apply it (default 256
  via _DEFAULT_PIDS_LIMIT) in resource_args gated on the probe.
- Gate --cpus and --memory on the same probe.

Behavior unchanged on cgroup-capable hosts; graceful degradation with a
one-time warning where controllers aren't delegated.

Fixes #6568.
2026-06-28 15:24:16 -07:00
..
__init__.py remove Vercel AI Gateway and Vercel Sandbox (#33067) 2026-05-27 00:43:32 -07:00
base.py fix(environments): use $BASHPID for atomic snapshot temp + harden failure path 2026-06-28 02:08:57 -07:00
daytona.py fix(daytona): quote single-upload mkdir parent path (#54440) 2026-06-28 14:33:03 -07:00
docker.py fix(docker): gate resource limit flags on cgroup controller availability 2026-06-28 15:24:16 -07:00
file_sync.py fix(ssh): handle WinError 1314 symlink failure with shutil.copy2 fallback 2026-06-04 18:06:21 -07:00
local.py fix(environments): use $BASHPID for atomic snapshot temp + harden failure path 2026-06-28 02:08:57 -07:00
managed_modal.py feat(environments): unified spawn-per-call execution layer 2026-04-08 17:23:15 -07:00
modal.py fix(async): close unscheduled coroutines in all threadsafe bridges (#26584) 2026-05-15 14:00:01 -07:00
modal_utils.py fix(tools): don't compound-rewrite spawn_via_env background wrappers 2026-06-01 00:05:10 +05:30
singularity.py fix: prevent TUI gateway stdin EOF crash across all TUI-context subprocess calls 2026-06-08 22:46:57 -07:00
ssh.py fix(tui): preserve remote cwd for ssh sessions 2026-06-06 18:40:43 -07:00