chore(orch): remove unnecessary `ALLOW_SANDBOX_INTERNET` by jakubno · Pull Request #2634 · e2b-dev/infra

jakubno · 2026-05-12T14:21:49Z

API is setting the network config based on that parameter already, so this isn't needed anymore

cursor · 2026-05-12T14:21:57Z

PR Summary

High Risk
This removes a global guardrail that could previously force-disable sandbox internet; if the API/network config is missing or mis-set, sandboxes may regain unrestricted egress unexpectedly. Terraform users still setting allow_sandbox_internet will also hit plan/apply failures until they remove the variable from their tfvars/env wiring.

Overview
Removes ALLOW_SANDBOX_INTERNET end-to-end (Terraform vars/wiring, Nomad job env, and orchestrator config), and deletes the server-side fallback that overrode sandbox egress when internet was disallowed. Risk: sandbox egress control now relies entirely on the request’s network config, so a missing/incorrect config can unintentionally allow outbound internet.

^{Reviewed by Cursor Bugbot for commit 88988c5. Bugbot is set up for automated code reviews on this repo. Configure here.}

codecov · 2026-05-12T14:22:57Z

❌ 9 Tests Failed:

Tests completed	Failed	Passed	Skipped
2616	9	2607	7

View the top 1 failed test(s) by shortest run time

github.com/e2b-dev/infra/packages/shared/pkg/storage::TestRetryableClient_ActualRetryBehavior

Stack Traces | 0.34s run time

=== RUN   TestRetryableClient_ActualRetryBehavior
=== PAUSE TestRetryableClient_ActualRetryBehavior
=== CONT  TestRetryableClient_ActualRetryBehavior
    gcp_multipart_test.go:1014: 
        	Error Trace:	.../pkg/storage/gcp_multipart_test.go:1014
        	Error:      	"227.36623ms" is not less than "200ms"
        	Test:       	TestRetryableClient_ActualRetryBehavior
--- FAIL: TestRetryableClient_ActualRetryBehavior (0.34s)

View the full list of 14 ❄️ flaky test(s)

github.com/e2b-dev/infra/tests/integration/internal/tests/api/metrics::TestTeamMetrics

Flake rate in main: 70.21% (Passed 143 times, Failed 337 times)

Stack Traces | 1.42s run time

=== RUN   TestTeamMetrics
=== PAUSE TestTeamMetrics
=== CONT  TestTeamMetrics
    team_metrics_test.go:61: 
        	Error Trace:	.../api/metrics/team_metrics_test.go:61
        	Error:      	Should be true
        	Test:       	TestTeamMetrics
        	Messages:   	MaxConcurrentSandboxes should be >= 0
--- FAIL: TestTeamMetrics (1.42s)

github.com/e2b-dev/infra/tests/integration/internal/tests/api/sandboxes::TestUpdateNetworkConfig

Flake rate in main: 76.52% (Passed 151 times, Failed 492 times)

Stack Traces | 33.3s run time

=== RUN   TestUpdateNetworkConfig
=== PAUSE TestUpdateNetworkConfig
=== CONT  TestUpdateNetworkConfig
--- FAIL: TestUpdateNetworkConfig (33.26s)

github.com/e2b-dev/infra/tests/integration/internal/tests/api/sandboxes::TestUpdateNetworkConfig/pause_resume_preserves_allow_internet_access_false

Flake rate in main: 77.02% (Passed 145 times, Failed 486 times)

Stack Traces | 0.12s run time

=== RUN   TestUpdateNetworkConfig/pause_resume_preserves_allow_internet_access_false
Executing command curl in sandbox iqkciy2m31pcwxdhh8y74
    sandbox_network_update_test.go:372: Command [curl] output: event:{start:{pid:1350}}
    sandbox_network_update_test.go:372: 
        	Error Trace:	.../api/sandboxes/sandbox_network_out_test.go:75
        	            				.../api/sandboxes/sandbox_network_update_test.go:60
        	            				.../api/sandboxes/sandbox_network_update_test.go:372
        	Error:      	"failed to execute command curl in sandbox iqkciy2m31pcwxdhh8y74: invalid_argument: protocol error: incomplete envelope: unexpected EOF" does not contain "failed with exit code"
        	Test:       	TestUpdateNetworkConfig/pause_resume_preserves_allow_internet_access_false
        	Messages:   	Expected connection failure message
--- FAIL: TestUpdateNetworkConfig/pause_resume_preserves_allow_internet_access_false (0.12s)

github.com/e2b-dev/infra/tests/integration/internal/tests/api/templates::TestTemplateBuildENV

Flake rate in main: 59.30% (Passed 140 times, Failed 204 times)

Stack Traces | 0s run time

=== RUN   TestTemplateBuildENV
=== PAUSE TestTemplateBuildENV
=== CONT  TestTemplateBuildENV
--- FAIL: TestTemplateBuildENV (0.00s)

github.com/e2b-dev/infra/tests/integration/internal/tests/api/templates::TestTemplateBuildENV/ENV_with_multiline_value

Flake rate in main: 60.18% (Passed 133 times, Failed 201 times)

Stack Traces | 27.9s run time

=== RUN   TestTemplateBuildENV/ENV_with_multiline_value
=== PAUSE TestTemplateBuildENV/ENV_with_multiline_value
=== CONT  TestTemplateBuildENV/ENV_with_multiline_value
    build_template_test.go:134: test-ubuntu-env-multiline: [info] Building template zbaubxj4efputdnf15vv/1a8cd399-f7bd-42d0-80e4-10785449c004
    build_template_test.go:134: test-ubuntu-env-multiline: [info] CACHED [base] FROM ubuntu:22.04 [ffd709f131f42dfab282de47a91dd2c139e900c1c11fc574b49b517a05ef0a32]
    build_template_test.go:134: test-ubuntu-env-multiline: [info] CACHED [base] DEFAULT USER user [90bdd4afa342293c931373351bf578872dec9179214ba3e8bf9edba311466213]
    build_template_test.go:134: test-ubuntu-env-multiline: [info] [builder 1/2] ENV MULTILINE line1
        line2
        line3 [e93da3f3765f20eb6407c336b9e4e0b9321d994ec5f6cb547743a2a4070eed23]
    build_template_test.go:134: test-ubuntu-env-multiline: [info] [builder 2/2] RUN [[ $(echo "$MULTILINE" | wc -l) -eq 3 ]] || exit 1 [477610d61cdf858776262d3331809539bcbcf16f706aac18515a57337bae1786]
    build_template_test.go:134: test-ubuntu-env-multiline: [error] Build failed: failed to run command '[[ $(echo "$MULTILINE" | wc -l) -eq 3 ]] || exit 1': exit status 1
    build_template_test.go:374: Build failed: {<nil> failed to run command '[[ $(echo "$MULTILINE" | wc -l) -eq 3 ]] || exit 1': exit status 1 0xc0003500c0}
--- FAIL: TestTemplateBuildENV/ENV_with_multiline_value (27.95s)

github.com/e2b-dev/infra/tests/integration/internal/tests/api/templates::TestTemplateBuildRUN

Flake rate in main: 55.21% (Passed 142 times, Failed 175 times)

Stack Traces | 0s run time

=== RUN   TestTemplateBuildRUN
=== PAUSE TestTemplateBuildRUN
=== CONT  TestTemplateBuildRUN
--- FAIL: TestTemplateBuildRUN (0.00s)

github.com/e2b-dev/infra/tests/integration/internal/tests/api/templates::TestTemplateBuildRUN/Single_RUN_command

Flake rate in main: 55.21% (Passed 142 times, Failed 175 times)

Stack Traces | 168s run time

=== RUN   TestTemplateBuildRUN/Single_RUN_command
=== PAUSE TestTemplateBuildRUN/Single_RUN_command
=== CONT  TestTemplateBuildRUN/Single_RUN_command
    build_template_test.go:134: test-ubuntu-run: [info] Building template vfiilrjdvjpslhg89bhh/13d603f8-1c41-46a4-b96a-3f6de09dd74d
    build_template_test.go:134: test-ubuntu-run: [info] [base] FROM ubuntu:22.04 [ffd709f131f42dfab282de47a91dd2c139e900c1c11fc574b49b517a05ef0a32]
    build_template_test.go:134: test-ubuntu-run: [info] Base Docker image size: 30 MB
    build_template_test.go:134: test-ubuntu-run: [info] Creating file system and pulling Docker image
    build_template_test.go:134: test-ubuntu-run: [info] Uncompressing layer sha256:f63eb04151bcac21ad049f8d781b97b219aba392c5457907f8f3e88e43eb48ec 30 MB
    build_template_test.go:134: test-ubuntu-run: [info] Uncompressing layer sha256:8c5f2c3e6fe0f5df71d54cd4bc2f2cb1a490ef79ea1a0b920ce7381788672a46 12 MB
    build_template_test.go:134: test-ubuntu-run: [info] Uncompressing layer sha256:8c4b1b28875140ed3abacaf16ad0d696f6bef912f52d2148f261a23e3349465b 168 B
    build_template_test.go:134: test-ubuntu-run: [info] Layers extracted
    build_template_test.go:134: test-ubuntu-run: [info] Root filesystem structure: bin, boot, dev, etc, home, lib, lib32, lib64, libx32, media, mnt, opt, proc, root, run, sbin, srv, sys, tmp, usr, var
    build_template_test.go:134: test-ubuntu-run: [info] Provisioning sandbox template
    build_template_test.go:134: test-ubuntu-run: [info] Provisioning was successful, cleaning up
    build_template_test.go:134: test-ubuntu-run: [info] Sandbox template provisioned
    build_template_test.go:134: test-ubuntu-run: [info] [base] DEFAULT USER user [90bdd4afa342293c931373351bf578872dec9179214ba3e8bf9edba311466213]
    build_template_test.go:134: test-ubuntu-run: [info] [builder 1/1] RUN echo 'Hello, World!' [0f555930fc7ecac094fbde7e0c82c834b8c4c2a8ac16f4b0938c4a705d74f4fd]
    build_template_test.go:134: test-ubuntu-run: [info] [builder 1/1] [stdout]: Hello, World!
    build_template_test.go:134: test-ubuntu-run: [info] [finalize] Finalizing template build [b22adeee315d1e1b1ce9456d90a0416b80f86274893376bcb4dc6b00fe3ddf0f]
    build_template_test.go:134: test-ubuntu-run: [error] Build failed: build was cancelled
    build_template_test.go:167: Build failed: {<nil> build was cancelled <nil>}
--- FAIL: TestTemplateBuildRUN/Single_RUN_command (167.51s)

github.com/e2b-dev/infra/tests/integration/internal/tests/envd::TestBindLocalhost
Flake rate in main: 57.12% (Passed 253 times, Failed 337 times)
Stack Traces | 0s run time
=== RUN   TestBindLocalhost
=== PAUSE TestBindLocalhost
=== CONT  TestBindLocalhost
--- FAIL: TestBindLocalhost (0.00s)

github.com/e2b-dev/infra/tests/integration/internal/tests/envd::TestBindLocalhost/bind_0_0_0_0

Flake rate in main: 62.99% (Passed 141 times, Failed 240 times)

Stack Traces | 7.87s run time

=== RUN   TestBindLocalhost/bind_0_0_0_0
=== PAUSE TestBindLocalhost/bind_0_0_0_0
=== CONT  TestBindLocalhost/bind_0_0_0_0
    localhost_bind_test.go:69: Command [python] output: event:{start:{pid:1258}}
Executing command python in sandbox i9nomoxvjenn7krry7hfb
    localhost_bind_test.go:90: 
        	Error Trace:	.../tests/envd/localhost_bind_test.go:90
        	Error:      	Not equal: 
        	            	expected: 200
        	            	actual  : 502
        	Test:       	TestBindLocalhost/bind_0_0_0_0
        	Messages:   	Unexpected status code 502 for bind address 0.0.0.0
--- FAIL: TestBindLocalhost/bind_0_0_0_0 (7.87s)

github.com/e2b-dev/infra/tests/integration/internal/tests/envd::TestBindLocalhost/bind_127_0_0_1

Flake rate in main: 58.06% (Passed 143 times, Failed 198 times)

Stack Traces | 6.7s run time

=== RUN   TestBindLocalhost/bind_127_0_0_1
=== PAUSE TestBindLocalhost/bind_127_0_0_1
=== CONT  TestBindLocalhost/bind_127_0_0_1
    localhost_bind_test.go:69: Command [python] output: event:{start:{pid:1257}}
    localhost_bind_test.go:90: 
        	Error Trace:	.../tests/envd/localhost_bind_test.go:90
        	Error:      	Not equal: 
        	            	expected: 200
        	            	actual  : 502
        	Test:       	TestBindLocalhost/bind_127_0_0_1
        	Messages:   	Unexpected status code 502 for bind address 127.0.0.1
--- FAIL: TestBindLocalhost/bind_127_0_0_1 (6.70s)

github.com/e2b-dev/infra/tests/integration/internal/tests/envd::TestBindLocalhost/bind_::1

Flake rate in main: 64.93% (Passed 141 times, Failed 261 times)

Stack Traces | 10.4s run time

=== RUN   TestBindLocalhost/bind_::1
=== PAUSE TestBindLocalhost/bind_::1
=== CONT  TestBindLocalhost/bind_::1
Executing command python in sandbox i607wtdtzs8ey9ult6asi
    localhost_bind_test.go:69: Command [python] output: event:{start:{pid:1258}}
    localhost_bind_test.go:90: 
        	Error Trace:	.../tests/envd/localhost_bind_test.go:90
        	Error:      	Not equal: 
        	            	expected: 200
        	            	actual  : 502
        	Test:       	TestBindLocalhost/bind_::1
        	Messages:   	Unexpected status code 502 for bind address ::1
--- FAIL: TestBindLocalhost/bind_::1 (10.43s)

github.com/e2b-dev/infra/tests/integration/internal/tests/envd::TestBindLocalhost/bind_localhost

Flake rate in main: 64.84% (Passed 141 times, Failed 260 times)

Stack Traces | 7.89s run time

=== RUN   TestBindLocalhost/bind_localhost
=== PAUSE TestBindLocalhost/bind_localhost
=== CONT  TestBindLocalhost/bind_localhost
Executing command python in sandbox ix80i59267f26tc3yrf45
    localhost_bind_test.go:69: Command [python] output: event:{start:{pid:1258}}
    localhost_bind_test.go:90: 
        	Error Trace:	.../tests/envd/localhost_bind_test.go:90
        	Error:      	Not equal: 
        	            	expected: 200
        	            	actual  : 502
        	Test:       	TestBindLocalhost/bind_localhost
        	Messages:   	Unexpected status code 502 for bind address localhost
--- FAIL: TestBindLocalhost/bind_localhost (7.89s)

github.com/e2b-dev/infra/tests/integration/internal/tests/orchestrator::TestSandboxMemoryIntegrity

Flake rate in main: 66.14% (Passed 151 times, Failed 295 times)

Stack Traces | 86.7s run time

=== RUN   TestSandboxMemoryIntegrity
=== PAUSE TestSandboxMemoryIntegrity
=== CONT  TestSandboxMemoryIntegrity
    sandbox_memory_integrity_test.go:26: Build completed successfully
--- FAIL: TestSandboxMemoryIntegrity (86.70s)

github.com/e2b-dev/infra/tests/integration/internal/tests/orchestrator::TestSandboxMemoryIntegrity/tmpfs_hash

Flake rate in main: 67.21% (Passed 141 times, Failed 289 times)

Stack Traces | 42.3s run time

=== RUN   TestSandboxMemoryIntegrity/tmpfs_hash
=== PAUSE TestSandboxMemoryIntegrity/tmpfs_hash
=== CONT  TestSandboxMemoryIntegrity/tmpfs_hash
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{start:{pid:1256}}
Executing command bash in sandbox iwir660pstjdd1tpd636h (user: root)
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stdout:"Total memory: 985 MB\nUsed memory before tmpfs mount: 182 MB\nFree memory before tmpfs mount: 802 MB\nMemory to use in integrity test (80% of free, min 64MB): 641 MB\n"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"641+0 records in\n641+0 records out\n672137216 bytes (672 MB, 641 MiB) copied, 14.4394 s, 46.5 MB/s\n"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"\t"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"C"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"o"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"m"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"m"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"a"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"n"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"d"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:" "}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"b"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"e"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"i"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"n"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"g"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:" "}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"t"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"i"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"m"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"e"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"d"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:":"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:" "}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"\""}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"dd"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:" "}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"if=/dev/urandom"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:" "}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"of=/mnt/testfile"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:" "}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"bs=1M"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:" "}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"count=641"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"\""}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"\n"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"\t"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"U"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"s"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"e"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"r"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:" "}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"t"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"ime (second"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"s): 0.00\n\tSystem tim"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"e"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:" (seconds): 14.20\n\tPercent of CPU this job got: 98%\n\tElapsed (wall clock) time (h:mm:ss or m:ss): 0:14.48\n\tAvera"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"ge shared text"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:" size (kbytes): 0\n\t"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"Average unsha"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"red data size"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:" (kbytes): 0\n\tAverage stack size (kbytes): 0\n\tAverage total size (kbytes): 0\n\tMaximum residen"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"t set size (kbytes): 2616\n\tAverage resident set siz"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"e (kbytes): 0\n\tMajor (requiring I/O) page "}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"faults: 3\n\tMinor (reclaiming a frame) page faults: 340\n\tVoluntary context switches: 4"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"\n\tInvoluntary context switches: 74\n\tSw"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"aps: 0\n\tFile system inputs: 176\n\tF"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"ile system outputs: 0\n\tSocket messa"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"ges sent: 0\n\tSocket messages received: 0\n\tSignals delivered: 0\n\tPa"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stderr:"ge size (bytes): 4096\n\tExit status: 0\n"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{data:{stdout:"Used memory after tmpfs mount and file fill: 836 MB\n"}}
    sandbox_memory_integrity_test.go:70: Command [bash] output: event:{end:{exited:true  status:"exit status 0"}}
    sandbox_memory_integrity_test.go:70: Command [bash] completed successfully in sandbox ie3ua7snjyqlzomyvow4l
Executing command bash in sandbox ie3ua7snjyqlzomyvow4l (user: root)
    sandbox_memory_integrity_test.go:74: Command [bash] output: event:{start:{pid:1273}}
    sandbox_memory_integrity_test.go:74: Command [bash] output: event:{data:{stdout:"ee3336aef947200100244ea71a754fa77aefd29f07f2a7fd2395ace833d6d4dd\n"}}
    sandbox_memory_integrity_test.go:74: Command [bash] output: event:{end:{exited:true  status:"exit status 0"}}
    sandbox_memory_integrity_test.go:74: Command [bash] completed successfully in sandbox ie3ua7snjyqlzomyvow4l
Executing command bash in sandbox ie3ua7snjyqlzomyvow4l (user: root)
    sandbox_memory_integrity_test.go:99: Command [bash] output: event:{start:{pid:1276}}
    sandbox_memory_integrity_test.go:100: 
        	Error Trace:	.../tests/orchestrator/sandbox_memory_integrity_test.go:100
        	Error:      	Received unexpected error:
        	            	failed to execute command bash in sandbox ie3ua7snjyqlzomyvow4l: invalid_argument: protocol error: incomplete envelope: unexpected EOF
        	Test:       	TestSandboxMemoryIntegrity/tmpfs_hash
--- FAIL: TestSandboxMemoryIntegrity/tmpfs_hash (42.27s)

To view more test analytics, go to the Test Analytics Dashboard
_{📋 Got 3 mins? Take this short survey to help us improve Test Analytics.}

gemini-code-assist

Code Review

A security risk exists during rolling updates because the orchestrator no longer respects the allow_internet_access field while it is still being transitioned in the API. New orchestrator instances will ignore this field from older API instances, potentially granting unintended internet access. The field should remain deprecated and respected until the migration is verified. Additionally, the API response for existing sandboxes is now inaccurate because the AllowInternetAccess parameter is hardcoded to nil in GetSandboxes. This value should be reconstructed from the network configuration's denied CIDRs.

Drop the ALLOW_SANDBOX_INTERNET env var plumbing from Terraform (provider-gcp, provider-aws, job-orchestrator module, GCP Makefile) and the matching orchestrator config/logic. Sandbox internet access is now controlled solely via the per-sandbox network config.

arkamar

lgtm

linear-code · 2026-05-25T16:39:05Z

ENG-3291

cla-bot Bot added the cla-signed label May 12, 2026

e2b-request-same-site-reviewers Bot assigned arkamar May 12, 2026

gemini-code-assist Bot reviewed May 12, 2026

View reviewed changes

Comment thread packages/orchestrator/orchestrator.proto Outdated

Comment thread packages/api/internal/orchestrator/nodemanager/sandboxes.go Outdated

jakubno force-pushed the chore/remove-unused-tf-var branch from c7da6d4 to 5107f7d Compare May 12, 2026 19:57

jakubno force-pushed the chore/remove-unused-tf-var branch from 5107f7d to 88988c5 Compare May 13, 2026 06:50

jakubno unassigned arkamar May 13, 2026

jakubno marked this pull request as ready for review May 13, 2026 12:40

jakubno requested review from ValentaTomas and dobrac as code owners May 13, 2026 12:40

e2b-request-same-site-reviewers Bot assigned kalyazin May 13, 2026

cursor Bot reviewed May 13, 2026

View reviewed changes

Comment thread packages/orchestrator/pkg/server/sandboxes.go

jakubno unassigned kalyazin May 14, 2026

arkamar approved these changes May 25, 2026

View reviewed changes

jakubno merged commit e964729 into main May 25, 2026
95 of 96 checks passed

jakubno deleted the chore/remove-unused-tf-var branch May 25, 2026 16:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(orch): remove unnecessary `ALLOW_SANDBOX_INTERNET`#2634

chore(orch): remove unnecessary `ALLOW_SANDBOX_INTERNET`#2634
jakubno merged 1 commit into
mainfrom
chore/remove-unused-tf-var

jakubno commented May 12, 2026 •

edited

Loading

Uh oh!

cursor Bot commented May 12, 2026 •

edited

Loading

Uh oh!

codecov Bot commented May 12, 2026 •

edited

Loading

Uh oh!

gemini-code-assist Bot left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

arkamar left a comment

Uh oh!

Uh oh!

linear-code Bot commented May 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

jakubno commented May 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

cursor Bot commented May 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

PR Summary

Uh oh!

codecov Bot commented May 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

❌ 9 Tests Failed:

Uh oh!

gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

Uh oh!

Uh oh!

Uh oh!

arkamar left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

linear-code Bot commented May 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

jakubno commented May 12, 2026 •

edited

Loading

cursor Bot commented May 12, 2026 •

edited

Loading

codecov Bot commented May 12, 2026 •

edited

Loading