hermes-agent/tools/environments
teknium1 866fd9476b fix(docker): remove --read-only and allow exec on /tmp for package installs
The Docker sandbox previously used --read-only on the root filesystem and
noexec on /tmp. This broke 30+ skills that need to install packages:
- npm install -g (codex, claude-code, mcporter, powerpoint)
- pip install (20+ mlops/media/productivity skills)
- apt install (minecraft-modpack-server, ml-paper-writing)
- Build tools that compile in /tmp (pip wheels, node-gyp)

The container is already fully isolated from the host. Industry standard
(E2B, Docker Sandboxes, OpenAI Codex) does not use --read-only — the
container itself is the security boundary.

Retained security hardening:
- --cap-drop ALL (zero capabilities)
- --security-opt no-new-privileges (no escalation)
- --pids-limit 256 (no fork bombs)
- Size-limited tmpfs for /tmp, /var/tmp, /run
- nosuid on all tmpfs mounts
- noexec on /var/tmp and /run (rarely need exec there)
- Resource limits (CPU, memory, disk)
- Ephemeral containers (destroyed after use)

Fixes #189.
2026-03-02 01:09:34 -08:00
..
__init__.py Refactor Terminal and AIAgent cleanup 2026-02-21 22:31:43 -08:00
base.py feat: enhance README and improve environment configuration 2026-02-23 21:15:35 -08:00
docker.py fix(docker): remove --read-only and allow exec on /tmp for package installs 2026-03-02 01:09:34 -08:00
local.py feat(tests): add live integration tests for file operations and shell noise filtering 2026-02-28 22:57:58 -08:00
modal.py feat: enhance README and improve environment configuration 2026-02-23 21:15:35 -08:00
singularity.py feat: enhance README and improve environment configuration 2026-02-23 21:15:35 -08:00
ssh.py feat: enhance README and improve environment configuration 2026-02-23 21:15:35 -08:00
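
Added example (not code from the hermes-agent repository): a checker that audits a `docker run` command line against the retained hardening listed in the commit message above, accepting `/tmp` without `noexec` as that commit does. The two sample command lines, their tmpfs sizes and the image name are constructed, and only options written explicitly on the command line are checked.

```python
import shlex

# Constructed sample command lines (sizes and image name are made up).
HARDENED = ("docker run --rm --cap-drop ALL --security-opt no-new-privileges "
            "--pids-limit 256 --tmpfs /tmp:rw,nosuid,size=512m "
            "--tmpfs /var/tmp:rw,noexec,nosuid,size=256m "
            "--tmpfs /run:rw,noexec,nosuid,size=64m example-image sleep 1")
WEAK = ("docker run --rm --pids-limit=-1 --tmpfs /tmp:rw,exec "
        "--tmpfs /run:rw,nosuid,size=64m example-image sleep 1")

def flag_values(argv, flag):
    """Collect values passed as `--flag value` or `--flag=value`."""
    vals = []
    for i, arg in enumerate(argv):
        if arg == flag and i + 1 < len(argv):
            vals.append(argv[i + 1])
        elif arg.startswith(flag + "="):
            vals.append(arg.split("=", 1)[1])
    return vals

def audit(command):
    """Return findings for one command line; an empty list means all checks passed."""
    argv = shlex.split(command)
    findings = []
    if not any(v.upper() == "ALL" for v in flag_values(argv, "--cap-drop")):
        findings.append("missing --cap-drop ALL")
    if not any(v.startswith("no-new-privileges") and not v.endswith("false")
               for v in flag_values(argv, "--security-opt")):
        findings.append("missing --security-opt no-new-privileges")
    pids = flag_values(argv, "--pids-limit")
    if not pids or not pids[-1].isdigit() or int(pids[-1]) == 0:
        findings.append("no positive --pids-limit")
    mounts = {}
    for spec in flag_values(argv, "--tmpfs"):
        path, _, opts = spec.partition(":")
        mounts[path] = set(filter(None, opts.split(",")))
    # /tmp stays executable for package builds; /var/tmp and /run must be noexec.
    for path, need_noexec in (("/tmp", False), ("/var/tmp", True), ("/run", True)):
        if path not in mounts:
            findings.append(f"{path}: no tmpfs mount")
            continue
        opts = mounts[path]
        if "nosuid" not in opts:
            findings.append(f"{path}: tmpfs lacks nosuid")
        if not any(o.startswith("size=") for o in opts):
            findings.append(f"{path}: tmpfs has no size limit")
        if need_noexec and "noexec" not in opts:
            findings.append(f"{path}: tmpfs lacks noexec")
    return findings
```

Calling `audit(HARDENED)` returns an empty list, while `audit(WEAK)` reports each control from the list that the constructed weak command line omits.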