shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-02 20:48:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e9f0385198c18b7d545f71808ab72bb467d7bfe9
coder/docs/ai-coder/agent-firewall/nsjail/docker.md
T
Jiachen Jiang e9f0385198 docs: update AI Governance label and add v2.32 requirement (#24708) 
## Summary

Replace the "Premium" label with "AI Governance Add-On" and add a
disclaimer that the AI Governance Add-On is required for AI Gateway and
Agent Firewall as of Coder v2.32, across all AI Governance doc pages and
their children.

## Changes

**Label and requirement updates (7 files):**
- `docs/ai-coder/ai-governance.md`: Removed "(Premium)" from title;
updated GA section to state add-on required as of v2.32.
- `docs/ai-coder/ai-gateway/setup.md`: "Premium license" → "AI
Governance Add-On license".
- `docs/ai-coder/ai-gateway/ai-gateway-proxy/setup.md`: "Premium
license" → "AI Governance Add-On".
- `docs/ai-coder/ai-gateway/clients/claude-code.md`: "(Premium feature)"
→ "(AI Governance Add-On)".
- `docs/manifest.json`: `"state": ["premium"]` → `"state": ["ai
governance add-on"]` for 4 nav entries.

**Disclaimer added to all child pages (26 files):**

AI Gateway pages (18):
`index.md`, `setup.md`, `audit.md`, `monitoring.md`, `mcp.md`,
`reference.md`, `ai-gateway-proxy/index.md`,
`ai-gateway-proxy/setup.md`, `clients/index.md`,
`clients/claude-code.md`, `clients/codex.md`, `clients/mux.md`,
`clients/opencode.md`, `clients/factory.md`, `clients/cline.md`,
`clients/kilo-code.md`, `clients/roo-code.md`, `clients/vscode.md`,
`clients/jetbrains.md`, `clients/zed.md`, `clients/copilot.md`

Agent Firewall pages (8):
`index.md`, `version.md`, `landjail.md`, `rules-engine.md`,
`nsjail/index.md`, `nsjail/docker.md`, `nsjail/k8s.md`, `nsjail/ecs.md`

Other: `security.md`

> [!NOTE]
> The `"ai governance add-on"` state value in `manifest.json` is new.
The docs site renderer may need to be updated to support this state
value.

> Generated by Coder Agents
2026-05-07 17:09:54 -05:00

105 lines
3.8 KiB
Markdown
Raw Blame History

# nsjail on Docker
> [!NOTE]
> Agent Firewall requires the [AI Governance Add-On](../../ai-governance.md).
> As of Coder v2.32, deployments without the add-on will not be able to
> access Agent Firewall.
This page describes the runtime and permission requirements for running Agent
Firewall with the **nsjail** jail type on **Docker**.
For an overview of nsjail, see [nsjail](./index.md).
## Runtime & Permission Requirements for Running Boundary in Docker
This section describes the Linux capabilities and runtime configurations
required to run Agent Firewall with nsjail inside a Docker container.
Requirements vary depending on the OCI runtime and the seccomp profile in use.
### 1. Default `runc` runtime with `CAP_NET_ADMIN`
When using Docker's default `runc` runtime, Agent Firewall requires the
container to have `CAP_NET_ADMIN`. This is the minimal capability needed for
configuring virtual networking inside the container.
Docker's default seccomp profile may also block certain syscalls (such as
`clone`) required for creating unprivileged network namespaces. If you encounter
these restrictions, you may need to update or override the seccomp profile to
allow these syscalls.
[see Docker Seccomp Profile Considerations](#docker-seccomp-profile-considerations)
### 2. Default `runc` runtime with `CAP_SYS_ADMIN` (testing only)
For development or testing environments, you may grant the container
`CAP_SYS_ADMIN`, which implicitly bypasses many of the restrictions in Docker's
default seccomp profile.
- Agent Firewall does not require `CAP_SYS_ADMIN` itself.
- However, Docker's default seccomp policy commonly blocks namespace-related
syscalls unless `CAP_SYS_ADMIN` is present.
- Granting `CAP_SYS_ADMIN` enables Agent Firewall to run without modifying the
seccomp profile.
⚠️ Warning: `CAP_SYS_ADMIN` is extremely powerful and should not be used in
production unless absolutely necessary.
### 3. `sysbox-runc` runtime with `CAP_NET_ADMIN`
When using the `sysbox-runc` runtime (from Nestybox), Agent Firewall can run
with only:
- `CAP_NET_ADMIN`
The sysbox-runc runtime provides more complete support for unprivileged user
namespaces and nested containerization, which typically eliminates the need for
seccomp profile modifications.
## Docker Seccomp Profile Considerations
Docker's default seccomp profile frequently blocks the `clone` syscall, which is
required by Agent Firewall when creating unprivileged network namespaces. If
the `clone` syscall is denied, Agent Firewall will fail to start.
To address this, you may need to modify or override the seccomp profile used by
your container to explicitly allow the required `clone` variants.
You can find the default Docker seccomp profile for your Docker version here
(specify your docker version):
https://github.com/moby/moby/blob/v25.0.13/profiles/seccomp/default.json#L628-L635
If the profile blocks the necessary `clone` syscall arguments, you can provide a
custom seccomp profile that adds an allow rule like the following:
```json
{
"names": ["clone"],
"action": "SCMP_ACT_ALLOW"
}
```
This example unblocks the clone syscall entirely.
### Example: Overriding the Docker Seccomp Profile
To use a custom seccomp profile, start by downloading the default profile for
your Docker version:
https://github.com/moby/moby/blob/v25.0.13/profiles/seccomp/default.json#L628-L635
Save it locally as seccomp-v25.0.13.json, then insert the clone allow rule shown
above (or add "clone" to the list of allowed syscalls).
Once updated, you can run the container with the custom seccomp profile:
```bash
docker run -it \
--cap-add=NET_ADMIN \
--security-opt seccomp=seccomp-v25.0.13.json \
test bash
```
This instructs Docker to load your modified seccomp profile while granting only
the minimal required capability (`CAP_NET_ADMIN`).
Reference in New Issue View Git Blame Copy Permalink