8f30dd7754
Janitorial item 6 in 2026-05-15-janitorial-cleanup.md. The v1 sandbox design (2026-05-08-l4d2-script-overlays-design.md) was approved 2026-05-08 and superseded the same day by the v2 systemd-only design (2026-05-08-l4d2-script-sandbox-v2-systemd.md). The current left4me-script-sandbox helper uses systemd-run in service-unit mode; no bwrap binary is invoked. The v1 spec still described bubblewrap as the engine. - v1 spec gets a top-of-file banner pointing at v2 as the supersede. Body preserved; the rest of the v1 design (overlay-type unification, resource caps, helper auth) is still valid — only the sandbox engine changed. - l4d2web/services/overlay_builders.py: ScriptBuilder docstring "bubblewrap + systemd-run" → "hardened systemd-run transient service" (the as-built reality). - scripts/tests/test_script_sandbox.py: stray "/bwrap" in a comment cleaned up. Negative regression assertions (`assert "bwrap" not in text`) intentionally retained as the guard against accidental re-introduction. - Plan docs left untouched (historical action snapshots). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| libexec | ||
| sbin | ||
| tests | ||