Skip to content

fix(controller): decouple skills from privileged sandbox#1998

Open
mesutoezdil wants to merge 1 commit into
kagent-dev:mainfrom
mesutoezdil:fix/skills-privileged-pss
Open

fix(controller): decouple skills from privileged sandbox#1998
mesutoezdil wants to merge 1 commit into
kagent-dev:mainfrom
mesutoezdil:fix/skills-privileged-pss

Conversation

@mesutoezdil

Copy link
Copy Markdown
Contributor

Skills are loaded by the init container. The main container does not
need privileged=true for skill loading.

Before this change, any agent with skills got privileged=true on the
main container, which breaks restricted PSS clusters.

Now only BashTool sandbox (cfg.GetExecuteCode) sets privileged=true.

Fixes #1997

Copilot AI review requested due to automatic review settings June 11, 2026 16:21
@github-actions github-actions Bot added the bug Something isn't working label Jun 11, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Updates the agent manifest generation and test fixtures so that configuring skills no longer implicitly makes the main container privileged; privileged mode is now reserved for explicit code-execution sandboxing.

Changes:

  • Removed securityContext.privileged: true from golden manifest outputs for agents with skills/git-skills.
  • Updated security-context tests to assert that skills do not set privileged security context on the main container.
  • Simplified buildSkillsRuntime by removing the side-effect that forced code-execution isolation.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File Description
go/core/internal/controller/translator/agent/testdata/outputs/agent_with_skills.json Updates golden output to no longer include privileged main-container security context when skills are present.
go/core/internal/controller/translator/agent/testdata/outputs/agent_with_git_skills.json Same golden output update for git-based skills.
go/core/internal/controller/translator/agent/security_context_test.go Adjusts expectations: skills should not imply privileged main-container security context.
go/core/internal/controller/translator/agent/manifest_builder.go Removes the “skills force code-exec isolation” coupling by dropping the needCodeExecIsolation mutation.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread go/core/internal/controller/translator/agent/security_context_test.go Outdated
@mesutoezdil mesutoezdil force-pushed the fix/skills-privileged-pss branch 3 times, most recently from ef26eb5 to 8a35f7f Compare June 12, 2026 21:43

@jmhbh jmhbh left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! makes sense to me

@jmhbh jmhbh enabled auto-merge (squash) June 15, 2026 22:31
jmhbh
jmhbh previously approved these changes Jun 15, 2026
auto-merge was automatically disabled June 17, 2026 08:14

Head branch was pushed to by a user without write access

@mesutoezdil mesutoezdil force-pushed the fix/skills-privileged-pss branch 2 times, most recently from 2f0bcff to e7f03e7 Compare June 17, 2026 17:16
@mesutoezdil mesutoezdil force-pushed the fix/skills-privileged-pss branch from 02c47e7 to 11711f3 Compare July 3, 2026 16:04
@mesutoezdil mesutoezdil requested a review from a team as a code owner July 7, 2026 16:03
@mesutoezdil mesutoezdil force-pushed the fix/skills-privileged-pss branch 3 times, most recently from 9def053 to e7df9db Compare July 10, 2026 14:57

@EItanya EItanya left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The issue here is more nuanced. There are 2 features in our API, code execution and skills. Skills may execute code even if code_execution is not set. code_execution on the API specifically refers to executing code generated by the LLM, not code within skills themselves. We should probably deprecate the "code_execution" API feature altogether because it's very confusing

@mesutoezdil

Copy link
Copy Markdown
Contributor Author

The issue here is more nuanced. There are 2 features in our API, code execution and skills. Skills may execute code even if code_execution is not set. code_execution on the API specifically refers to executing code generated by the LLM, not code within skills themselves. We should probably deprecate the "code_execution" API feature altogether because it's very confusing

skills run entirely in the init container, so whatever code they execute happens there, not in the main container. i try here only removes privileged from the main container, the init container is unaffected. is not correct?

@mesutoezdil mesutoezdil force-pushed the fix/skills-privileged-pss branch from e7df9db to 5dc85be Compare July 10, 2026 15:35
@EItanya

EItanya commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

The issue here is more nuanced. There are 2 features in our API, code execution and skills. Skills may execute code even if code_execution is not set. code_execution on the API specifically refers to executing code generated by the LLM, not code within skills themselves. We should probably deprecate the "code_execution" API feature altogether because it's very confusing

skills run entirely in the init container, so whatever code they execute happens there, not in the main container. i try here only removes privileged from the main container, the init container is unaffected. is not correct?

No, skills are downloaded in the init container, but RUN in the main container

@mesutoezdil mesutoezdil force-pushed the fix/skills-privileged-pss branch 3 times, most recently from e4b2641 to 9f6205e Compare July 10, 2026 17:58
Signed-off-by: mesutoezdil <mesudozdil@gmail.com>
@mesutoezdil mesutoezdil force-pushed the fix/skills-privileged-pss branch from 9f6205e to 974937e Compare July 10, 2026 18:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Skills path sets privileged: true unconditionally, incompatible with restricted-PSS clusters

4 participants