[GR-76680] GraalPy GraalOS standalone testing and fixes.

ci.jsonnet

@@ -5,7 +5,7 @@
 (import "ci/python-gate.libsonnet") +
 (import "ci/python-bench.libsonnet") +
 {
-    overlay: "26571215e27b3c415afb8119d38a0418c14b29c9",
+    overlay: "12367561e6a2b54df8d3b1bd400e431de01eef0f",
     specVersion: "8",
     // Until buildbot issues around CI tiers are resolved, we cannot use them
     // tierConfig: self.tierConfig,
@@ -310,15 +310,17 @@
         "tox-example": gpgate_ee + require(GPYEE_NATIVE_STANDALONE) + platform_spec(no_jobs) + platform_spec({
             "linux:amd64:jdk-latest"     : tier3,
         }),
-        // "python-svm-graalos-standalone-build": gpgate_ee + internet_access_env + platform_spec(no_jobs) + platform_spec({
-        //     "linux:amd64:jdk-latest": tier3 + $.ol8 + task_spec({
-        //         environment +: {
-        //             GRAALPY_GRAALOS_TOOLCHAIN_URL: $.overlay_imports.GRAALPY_GRAALOS_TOOLCHAIN_URL,
-        //             GRAALPY_GRAALOS_RUNTIME_URL: $.overlay_imports.GRAALPY_GRAALOS_RUNTIME_URL,
-        //             GRAALPY_GRAALOS_ARTIFACT_BASE_URL: $.overlay_imports.GRAALPY_GRAALOS_ARTIFACT_BASE_URL,
-        //         },
-        //     }),
-        // }),
+        "python-svm-graalos-standalone-build": gpgate_ee + internet_access_env + platform_spec(no_jobs) + platform_spec({
+            "linux:amd64:jdk-latest": tier3 + $.ol8 + task_spec({
+                capabilities+: ["mpk", "!fast", "!x82", "!x82_16_367"],
+                deploysArtifacts: true,
+                environment +: {
+                    GRAALPY_GRAALOS_TOOLCHAIN_URL: $.overlay_imports.GRAALPY_GRAALOS_TOOLCHAIN_URL,
+                    GRAALPY_GRAALOS_RUNTIME_URL: $.overlay_imports.GRAALPY_GRAALOS_RUNTIME_URL,
+                    GRAALPY_GRAALOS_ARTIFACT_BASE_URL: $.overlay_imports.GRAALPY_GRAALOS_ARTIFACT_BASE_URL,
+                },
+            }),
+        }),
     },
 
     local need_pgo = task_spec({runAfter: ["python-pgo-profile-post_merge-linux-amd64-jdk-latest"]}),

graalpython/com.oracle.graal.python.test/src/tests/graalos/GRAALOS_DEMO.md

@@ -0,0 +1,78 @@
+# GraalOS Standalone Sandbox Demo
+
+This demo shows a small chat-style Python evaluator running inside the
+GraalPy GraalOS standalone.
+
+The story:
+
+1. `rich` renders a friendly terminal UI.
+2. The demo treats each entered expression as untrusted Python code, such as
+   code produced by an LLM agent or pasted by a human operator.
+3. The process is inside the GraalOS sandbox, so file, subprocess,
+   network, and native library attempts remain contained.
+
+## Setup
+
+We can install the `rich` wheel directly into the standalone's `site-packages`
+using any standard Python. While we could run `ensurepip` and `pip` inside the
+sandbox by configuring the appropriate network access, we do this here
+intentionally done outside the sandbox. The sandboxed standalone has no
+outbound network mapping by default, which is one of the things the demo can
+show.
+
+```bash
+python3 -m pip install \
+  --target GRAALPY_NATIVE_GRAALOS_STANDALONE/lib/python3.12/site-packages \
+  --only-binary=:all: \
+  --python-version 3.12 \
+  --implementation py --implementation graalpy \
+  --abi none --abi graalpy250_312_native \
+  --platform any --platform graalos_x86_64 \
+  --no-compile \
+  rich
+```
+
+There should be a file `test_graalos_sandbox_chat.py` in this directory. If
+not, find it in and copy it from the GraalPy source repository. From inside the
+sandbox that file is available as `/test_graalos_sandbox_chat.py`, so run:
+
+```bash
+./bin/graalpy /test_graalos_sandbox_chat.py
+```
+
+For a non-interactive walkthrough:
+
+```bash
+./bin/graalpy /test_graalos_sandbox_chat.py --demo
+```
+
+## Demo Beats
+
+Start with a normal expression:
+
+```python
+sum([i*i for i in range(1000)])
+```
+
+Then move on to untrusted code that tries to access host resources:
+
+```python
+open('/etc/passwd').read()
+open('/etc/passwd').read().splitlines()[:3]
+open('/etc/shadow').read()
+__import__('subprocess').run(['/bin/sh', '-c', 'id'], capture_output=True, text=True)
+__import__('socket').create_connection(('example.com', 80), timeout=2)
+__import__('ctypes').CDLL('libc.so').system(b'cat /etc/shadow')
+```
+
+Expected result: harmless operations work or fail normally; sensitive host
+resources are unavailable because the process only sees the sandboxed virtual
+filesystem, process namespace, and configured network policy. The native
+`system()` probe returns `-1`, which the demo renders as blocked.
+
+## Why This Is Useful
+
+This is a deliberately unsafe application pattern: it evaluates untrusted Python
+code directly. That is useful for demonstrating the actual containment boundary.
+GraalOS is that boundary, and it mediates filesystem, subprocess, native, and
+network behavior even when the application itself offers no extra guardrails.

graalpython/com.oracle.graal.python.test/src/tests/graalos/test_graalos_sandbox_chat.py

@@ -0,0 +1,208 @@
+#!/usr/bin/env python3
+# Copyright (c) 2026, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# The Universal Permissive License (UPL), Version 1.0
+#
+# Subject to the condition set forth below, permission is hereby granted to any
+# person obtaining a copy of this software, associated documentation and/or
+# data (collectively the "Software"), free of charge and under any and all
+# copyright rights in the Software, and any and all patent rights owned or
+# freely licensable by each licensor hereunder covering either (i) the
+# unmodified Software as contributed to or provided by such licensor, or (ii)
+# the Larger Works (as defined below), to deal in both
+#
+# (a) the Software, and
+#
+# (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+# one is included with the Software each a "Larger Work" to which the Software
+# is contributed by such licensors),
+#
+# without restriction, including without limitation the rights to copy, create
+# derivative works of, display, perform, and distribute the Software and make,
+# use, sell, offer for sale, import, export, have made, and have sold the
+# Software and the Larger Work(s), and to sublicense the foregoing rights on
+# either these or other terms.
+#
+# This license is subject to the following condition:
+#
+# The above copyright notice and either this complete permission notice or at a
+# minimum a reference to the UPL must be included in all copies or substantial
+# portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+"""Small Rich demo for the GraalOS standalone sandbox."""
+
+from __future__ import annotations
+
+import argparse
+import io
+import sysconfig
+import textwrap
+import time
+import unittest
+from dataclasses import dataclass
+
+
+console = None
+
+
+@dataclass
+class EvalResult:
+    mode: str
+    ok: bool
+    output: str
+    elapsed_ms: float
+def render_message(role: str, body: str, style: str) -> None:
+    from rich.panel import Panel
+    from rich.text import Text
+    console.print(Panel(Text(body), title=role, title_align="left", border_style=style))
+
+
+def unsafe_eval(expr: str):
+    start = time.perf_counter()
+    try:
+        value = eval(expr)
+        elapsed = (time.perf_counter() - start) * 1000
+        if value == -1:
+            return EvalResult("python eval", False, "-1 (operation denied by sandbox/runtime)", elapsed)
+        return EvalResult("python eval", True, repr(value), elapsed)
+    except Exception as exc:
+        elapsed = (time.perf_counter() - start) * 1000
+        return EvalResult("python eval", False, f"{type(exc).__name__}: {exc}", elapsed)
+
+
+def render_result(result) -> None:
+    from rich.table import Table
+    table = Table.grid(padding=(0, 1))
+    table.add_column(style="bold")
+    table.add_column()
+    table.add_row("mode", result.mode)
+    table.add_row("status", "[green]ok[/green]" if result.ok else "[red]blocked/error[/red]")
+    table.add_row("time", f"{result.elapsed_ms:.1f} ms")
+    console.print(table)
+    render_message("sandbox", result.output, "green" if result.ok else "red")
+
+
+def evaluate(line: str) -> None:
+    line = line.strip()
+    if not line:
+        return
+    render_result(unsafe_eval(line))
+
+
+def demo_script() -> list[str]:
+    return [
+        "sum([i*i for i in range(1000)])",
+        "sin(pi / 4) ** 2 + cos(pi / 4) ** 2",
+        "open('/etc/passwd').read()",
+        "open('/etc/passwd').read().splitlines()[:3]",
+        "open('/etc/shadow').read()",
+        "__import__('subprocess').run(['/bin/sh', '-c', 'id'], capture_output=True, text=True)",
+        "__import__('socket').create_connection(('example.com', 80), timeout=2)",
+        "__import__('ctypes').CDLL('libc.so').system(b'cat /etc/shadow')",
+    ]
+
+
+def print_intro() -> None:
+    body = textwrap.dedent(
+        """
+        Type Python expressions and get chat-style results.
+
+        This demo treats each expression as untrusted Python code, such as
+        code proposed by an LLM agent or pasted by a human operator.
+        GraalOS sandboxes that code, so filesystem, subprocess, native
+        library, and network attempts remain contained.
+
+        Commands: /demo, /help, /quit
+        """
+    ).strip()
+    render_message("graalos sandbox chat", body, "cyan")
+
+
+def print_help() -> None:
+    examples = "\n".join(demo_script())
+    from rich.syntax import Syntax
+    console.print(Syntax(examples, "python", theme="ansi_dark", word_wrap=True))
+
+
+def interactive() -> int:
+    print_intro()
+    while True:
+        try:
+            line = console.input("[bold cyan]you>[/bold cyan] ")
+        except (EOFError, KeyboardInterrupt):
+            console.print()
+            return 0
+        command = line.strip()
+        if command in {"/quit", "/exit"}:
+            return 0
+        if command == "/help":
+            print_help()
+            continue
+        if command == "/demo":
+            run_demo()
+            continue
+        evaluate(line)
+
+
+def run_demo() -> None:
+    for line in demo_script():
+        render_message("you", line, "blue")
+        evaluate(line)
+
+
+def main(argv: list[str] | None = None) -> int:
+    from rich.console import Console
+    global console
+    if console is None:
+        console = Console()
+    parser = argparse.ArgumentParser()
+    parser.add_argument("--demo", action="store_true", help="run the prepared demo script and exit")
+    args = parser.parse_args(argv)
+
+    if args.demo:
+        print_intro()
+        run_demo()
+        return 0
+    return interactive()
+
+
+def skip_unless_graalos():
+    soabi = sysconfig.get_config_var("SOABI") or ""
+    if "graalos" not in soabi:
+        raise unittest.SkipTest(f"requires GraalOS SOABI, got {soabi!r}")
+
+
+class GraalOSSandboxChatTests(unittest.TestCase):
+
+    def setUp(self):
+        skip_unless_graalos()
+
+    def test_demo_packages(self):
+        import rich
+
+        self.assertTrue(rich.get_console())
+
+    def test_sandbox_chat_demo(self):
+        from rich.console import Console
+        global console
+        output = io.StringIO()
+        console = Console(file=output, force_terminal=False, color_system=None, width=120)
+        self.assertEqual(main(["--demo"]), 0)
+        stdout = output.getvalue()
+        self.assertIn("sum([i*i for i in range(1000)])", stdout)
+        self.assertIn("__import__('socket').create_connection", stdout)
+        self.assertIn("gaierror", stdout)
+        self.assertIn("FileNotFoundError", stdout)
+        self.assertIn("operation denied", stdout)
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

graalpython/com.oracle.graal.python.test/src/tests/test_graalos_standalone.py → graalpython/com.oracle.graal.python.test/src/tests/graalos/test_graalos_standalone.py

@@ -41,19 +41,26 @@
 import unittest
 
 
-def test_graalos_sqlite3_native_extension_smoke():
+def skip_unless_graalos():
     soabi = sysconfig.get_config_var("SOABI") or ""
     if "graalos" not in soabi:
         raise unittest.SkipTest(f"requires GraalOS SOABI, got {soabi!r}")
 
-    import _sqlite3
-    import sqlite3
-
-    assert _sqlite3.sqlite_version
-    conn = sqlite3.connect(":memory:")
-    try:
-        conn.execute("create table values_for_sum(value integer)")
-        conn.executemany("insert into values_for_sum(value) values (?)", [(1,), (2,), (3,)])
-        assert conn.execute("select sum(value) from values_for_sum").fetchone()[0] == 6
-    finally:
-        conn.close()
+
+class GraalOSStandaloneTests(unittest.TestCase):
+
+    def setUp(self):
+        skip_unless_graalos()
+
+    def test_sqlite3_native_extension_smoke(self):
+        import _sqlite3
+        import sqlite3
+
+        self.assertTrue(_sqlite3.sqlite_version)
+        conn = sqlite3.connect(":memory:")
+        try:
+            conn.execute("create table values_for_sum(value integer)")
+            conn.executemany("insert into values_for_sum(value) values (?)", [(1,), (2,), (3,)])
+            self.assertEqual(conn.execute("select sum(value) from values_for_sum").fetchone()[0], 6)
+        finally:
+            conn.close()

graalpython/graalpy_graalos_standalone_payload/CMakeLists.txt

@@ -49,7 +49,8 @@ file(REMOVE_RECURSE
     "${PAYLOAD_DIR}/bin"
     "${PAYLOAD_DIR}/libexec"
     "${PAYLOAD_DIR}/lib"
-    "${PAYLOAD_DIR}/config.json")
+    "${PAYLOAD_DIR}/config.json"
+    "${PAYLOAD_DIR}/README_GRAALOS_STANDALONE.md")
 file(MAKE_DIRECTORY
     "${PAYLOAD_DIR}/bin"
     "${PAYLOAD_DIR}/libexec"
@@ -169,6 +170,7 @@ _write_launcher("${PAYLOAD_DIR}/bin/${GRAALPY_CONFIG_LAUNCHER}" "/bin/graalpy-co
 _write_launcher("${PAYLOAD_DIR}/libexec/${GRAALPY_POLYGLOT_GET_LAUNCHER}" "/libexec/graalpy-polyglot-get")
 
 _copy_file("${CMAKE_CURRENT_LIST_DIR}/config.json" "${PAYLOAD_DIR}/config.json")
+_copy_file("${CMAKE_CURRENT_LIST_DIR}/README_GRAALOS_STANDALONE.md" "${PAYLOAD_DIR}/README_GRAALOS_STANDALONE.md")
 _copy_executable("${CMAKE_CURRENT_LIST_DIR}/graalpy-sandbox-launcher.sh" "${GRAALOS_DIR}/graalpy-sandbox-launcher")
 _copy_executable(
     "${CMAKE_CURRENT_LIST_DIR}/graalpy-sandbox-expand-config.sh"