NVIDIA · sjenning · Jun 22, 2026 · Jun 22, 2026 · Jun 22, 2026 · Jun 23, 2026
@@ -71,3 +71,18 @@ pub const K8S_SA_TOKEN_FILE: &str = "OPENSHELL_K8S_SA_TOKEN_FILE";
 /// exchanges without using SPIFFE for gateway authentication.
 pub const PROVIDER_SPIFFE_WORKLOAD_API_SOCKET: &str =
     "OPENSHELL_PROVIDER_SPIFFE_WORKLOAD_API_SOCKET";
+
+/// Resolved sandbox UID used to override `run_as_user` when the policy
+/// specifies a numeric value instead of the hardcoded "sandbox" user name.
+///
+/// Set by compute drivers (Kubernetes, Docker, VM) from resolved config or
+/// cluster autodetection. The supervisor reads this at startup and uses it
+/// directly with `setuid()` / `chown()` without requiring an `/etc/passwd`
+/// entry in the sandbox image.
+pub const SANDBOX_UID: &str = "OPENSHELL_SANDBOX_UID";
+
+/// Resolved sandbox GID paired with [`SANDBOX_UID`].
+///
+/// Used alongside UID for PVC init container `chown` operations and when the
+/// supervisor drops privileges to a group other than the UID's primary group.
+pub const SANDBOX_GID: &str = "OPENSHELL_SANDBOX_GID";
@@ -16,6 +16,7 @@ path = "src/main.rs"
 
 [dependencies]
 openshell-core = { path = "../openshell-core", default-features = false }
+openshell-policy = { path = "../openshell-policy" }
 
 tokio = { workspace = true }
 tonic = { workspace = true, features = ["transport"] }

@@ -211,6 +211,16 @@ pub struct KubernetesComputeConfig {
         deserialize_with = "deserialize_provider_spiffe_workload_api_socket_path"
     )]
     pub provider_spiffe_workload_api_socket_path: String,
+    /// UID used for the supervisor container `securityContext.runAsUser` and
+    /// PVC init container ownership operations. When empty, the driver
+    /// auto-detects from OpenShift SCC annotations on the target namespace;
+    /// if those are also absent, falls back to `1000`.
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub sandbox_uid: Option<u32>,
+    /// GID used alongside `sandbox_uid` for PVC init container operations.
+    /// When empty and `sandbox_uid` is set, defaults to the resolved UID.
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub sandbox_gid: Option<u32>,
 }
 
 /// Lower bound enforced by kubelet for projected SA tokens.
@@ -221,6 +231,18 @@ pub const MIN_SA_TOKEN_TTL_SECS: i64 = 600;
 /// pod start).
 pub const MAX_SA_TOKEN_TTL_SECS: i64 = 86_400;
 
+/// Default sandbox UID used when neither config nor OpenShift SCC annotations
+/// provide a resolved value.
+pub(crate) const DEFAULT_SANDBOX_UID: u32 = 1000;
+
+/// The annotation key for the OpenShift ServiceAccount UID range.
+/// Format: `<start>/<size>` (e.g. `1000000000/10000`).
+pub const ANNOTATION_SCC_UID_RANGE: &str = "openshift.io/sa.scc.uid-range";
+
+/// The annotation key for the OpenShift ServiceAccount supplemental groups.
+/// Format: `<start>/<size>` (e.g. `1000000000/10000`).
+pub const ANNOTATION_SCC_SUPPLEMENTAL_GROUPS: &str = "openshift.io/sa.scc.supplemental-groups";
+
 impl Default for KubernetesComputeConfig {
     fn default() -> Self {
         Self {
@@ -246,6 +268,8 @@ impl Default for KubernetesComputeConfig {
             default_runtime_class_name: String::new(),
             sa_token_ttl_secs: 3600,
             provider_spiffe_workload_api_socket_path: String::new(),
+            sandbox_uid: None,
+            sandbox_gid: None,
         }
     }
 }
@@ -277,6 +301,64 @@ impl KubernetesComputeConfig {
             &self.provider_spiffe_workload_api_socket_path,
         )
     }
+
+    /// Resolve the sandbox UID/GID pair.
+    ///
+    /// Resolution order:
+    /// 1. Configured `sandbox_uid` / `sandbox_gid` (explicit override)
+    /// 2. OpenShift SCC namespace annotations (`sa.scc.uid-range`,
+    ///    `sa.scc.supplemental-groups`) — passed in as the optional
+    ///    `namespace_annotations` map
+    /// 3. Fallback defaults: UID=`1000`, GID=UID
+    pub fn resolve_sandbox_uid(
+        &self,
+        namespace_annotations: Option<&std::collections::BTreeMap<String, String>>,
+    ) -> u32 {
+        if let Some(uid) = self.sandbox_uid {
+            return uid;
+        }
+        // Try OpenShift SCC annotation.
+        if let Some(anns) = namespace_annotations {
+            if let Some(range) = anns.get(ANNOTATION_SCC_UID_RANGE) {
+                if let Some(uid) = Self::from_open_shift_uid_range(range) {
+                    return uid;
+                }
+            }
+        }
+        DEFAULT_SANDBOX_UID
+    }
+
+    pub fn resolve_sandbox_gid(
+        &self,
+        resolved_uid: u32,
+        _namespace_annotations: Option<&std::collections::BTreeMap<String, String>>,
+    ) -> u32 {
+        self.sandbox_gid
+            .or_else(|| self.sandbox_uid)
+            .unwrap_or(resolved_uid)
+    }
+
+    /// Parse OpenShift SCC `sa.scc.uid-range` annotation.
+    ///
+    /// Format: `<start>/<size>` (e.g. `1000000000/10000`).
+    pub fn from_open_shift_uid_range(annotation: &str) -> Option<u32> {
+        let (start, _) = annotation.split_once('/')?;
+        start
+            .trim()
+            .parse::<u32>()
+            .ok()
+            .filter(|&uid| uid >= openshell_policy::MIN_SANDBOX_UID)
+    }
+
+    /// Parse OpenShift SCC `sa.scc.supplemental-groups` annotation.
+    pub fn from_open_shift_supplemental_groups(annotation: &str) -> Option<u32> {
+        let (start, _) = annotation.split_once('/')?;
+        start
+            .trim()
+            .parse::<u32>()
+            .ok()
+            .filter(|&gid| gid >= openshell_policy::MIN_SANDBOX_UID)
+    }
 }
 
 fn validate_provider_spiffe_workload_api_socket_path_value(
@@ -314,6 +396,7 @@ fn validate_provider_spiffe_workload_api_socket_path_value(
 #[cfg(test)]
 mod tests {
     use super::*;
+    use std::collections::BTreeMap as HashMap;
 
     #[test]
     fn default_workspace_storage_size_is_2gi() {
@@ -459,4 +542,128 @@ mod tests {
         let cfg: KubernetesComputeConfig = serde_json::from_value(json).unwrap();
         assert_eq!(cfg.image_pull_secrets, ["regcred", "backup-regcred"]);
     }
+
+    #[test]
+    fn default_sandbox_uid_and_gid_are_none() {
+        let cfg = KubernetesComputeConfig::default();
+        assert_eq!(cfg.sandbox_uid, None);
+        assert_eq!(cfg.sandbox_gid, None);
+    }
+
+    #[test]
+    fn serde_override_sandbox_uid() {
+        let json = serde_json::json!({
+            "sandbox_uid": 1500
+        });
+        let cfg: KubernetesComputeConfig = serde_json::from_value(json).unwrap();
+        assert_eq!(cfg.sandbox_uid, Some(1500));
+    }
+
+    #[test]
+    fn serde_override_sandbox_gid() {
+        let json = serde_json::json!({
+            "sandbox_gid": 2000
+        });
+        let cfg: KubernetesComputeConfig = serde_json::from_value(json).unwrap();
+        assert_eq!(cfg.sandbox_gid, Some(2000));
+    }
+
+    #[test]
+    fn parse_openshift_uid_range() {
+        assert_eq!(
+            KubernetesComputeConfig::from_open_shift_uid_range("1000000000/10000"),
+            Some(1000000000)
+        );
+        assert_eq!(
+            KubernetesComputeConfig::from_open_shift_uid_range("1000/50000"),
+            Some(1000)
+        );
+    }
+
+    #[test]
+    fn parse_openshift_uid_range_rejects_below_min() {
+        // 999 is below MIN_SANDBOX_UID (1000) — should be rejected.
+        assert_eq!(
+            KubernetesComputeConfig::from_open_shift_uid_range("999/50000"),
+            None
+        );
+    }
+
+    #[test]
+    fn parse_openshift_supplemental_groups() {
+        assert_eq!(
+            KubernetesComputeConfig::from_open_shift_supplemental_groups("1000/50000"),
+            Some(1000)
+        );
+    }
+
+    #[test]
+    fn resolve_sandbox_uid_prefers_config() {
+        let cfg = KubernetesComputeConfig {
+            sandbox_uid: Some(5000),
+            ..KubernetesComputeConfig::default()
+        };
+        // Config value should win even when annotations are present.
+        let mut anns: HashMap<String, String> = HashMap::new();
+        anns.insert(
+            ANNOTATION_SCC_UID_RANGE.to_string(),
+            "1000000000/10000".to_string(),
+        );
+        assert_eq!(cfg.resolve_sandbox_uid(Some(&anns)), 5000);
+    }
+
+    #[test]
+    fn resolve_sandbox_uid_falls_back_to_openshift_annotation() {
+        let cfg = KubernetesComputeConfig::default();
+        let mut anns: HashMap<String, String> = HashMap::new();
+        anns.insert(
+            ANNOTATION_SCC_UID_RANGE.to_string(),
+            "1000000000/10000".to_string(),
+        );
+        assert_eq!(cfg.resolve_sandbox_uid(Some(&anns)), 1000000000);
+    }
+
+    #[test]
+    fn resolve_sandbox_uid_falls_back_to_default() {
+        let cfg = KubernetesComputeConfig::default();
+        // No config, no annotations.
+        assert_eq!(cfg.resolve_sandbox_uid(None), DEFAULT_SANDBOX_UID);
+        // Empty annotations map.
+        let anns: HashMap<String, String> = HashMap::new();
+        assert_eq!(cfg.resolve_sandbox_uid(Some(&anns)), DEFAULT_SANDBOX_UID);
+    }
+
+    #[test]
+    fn resolve_sandbox_gid_prefers_config() {
+        let cfg = KubernetesComputeConfig {
+            sandbox_uid: Some(5000),
+            sandbox_gid: Some(6000),
+            ..KubernetesComputeConfig::default()
+        };
+        assert_eq!(
+            cfg.resolve_sandbox_gid(cfg.resolve_sandbox_uid(None), None),
+            6000
+        );
+    }
+
+    #[test]
+    fn resolve_sandbox_gid_falls_back_to_uid() {
+        let cfg = KubernetesComputeConfig {
+            sandbox_uid: Some(5000),
+            ..KubernetesComputeConfig::default()
+        };
+        // sandbox_gid is None, should fall back to sandbox_uid.
+        assert_eq!(
+            cfg.resolve_sandbox_gid(cfg.resolve_sandbox_uid(None), None),
+            5000
+        );
+    }
+
+    #[test]
+    fn resolve_sandbox_gid_falls_back_to_resolved_uid() {
+        let cfg = KubernetesComputeConfig::default();
+        // Both are None, should use the resolved UID.
+        let uid = cfg.resolve_sandbox_uid(None);
+        assert_eq!(cfg.resolve_sandbox_gid(uid, None), uid);
+    }
 }