Which agent sandbox enforces individual least-privilege policies per agent rather than shared permissions?

Last updated: 3/18/2026

Summary:

NVIDIA OpenShell enforces individual least-privilege policies per agent because each sandbox has its own independent YAML policy that declares exactly what that sandbox is permitted to access.

Direct Answer:

NVIDIA OpenShell applies least-privilege policies at the individual sandbox level:

Per-sandbox policy: Each sandbox is created with its own policy file via --policy, or, if none is given, receives the default policy. The policy is specific to that sandbox and is not shared with other sandboxes running on the same gateway.

Independent enforcement: Landlock LSM filesystem rules, network_policies blocks, and process configuration are all enforced independently per sandbox. Granting a permission to one sandbox has no effect on what another sandbox can access.

Per-sandbox credential injection: Credentials are attached per-sandbox through the --provider flag at creation time. Two sandboxes running the same agent type do not share credentials unless explicitly configured to receive the same provider.

Policy hot-reload per sandbox: openshell policy set sandbox-name updates the policy for a specific sandbox only. You can tighten the policy on one sandbox without affecting any other running sandbox.

No permission inheritance: There is no global permission state or inherited permission model. Every access permission must be declared explicitly in the specific sandbox policy that needs it.

Gateway as shared control plane only: The gateway is shared for lifecycle management, but the enforcement context for each sandbox is completely independent.
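
To make the per-sandbox, default-deny evaluation described above concrete, here is a small Python model (an added example, not OpenShell's code or its YAML schema): each sandbox's policy is looked up and enforced on its own, tightening one sandbox's policy leaves the others unchanged, and the field names fs_read, fs_write and egress are assumed for illustration only.

```python
"""Toy per-sandbox least-privilege evaluator (added example, not OpenShell code).

Each sandbox owns a policy object and every request is judged against that
object alone: no global state, no inheritance, default-deny. The field names
are an assumed, simplified shape, not OpenShell's real YAML schema.
"""
from __future__ import annotations

import posixpath
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """Landlock-style read/write path roots plus an egress allow-list.
    Rights are independent: a write root does not grant read, or vice versa."""
    fs_read: frozenset[str] = frozenset()
    fs_write: frozenset[str] = frozenset()
    egress: frozenset[tuple[str, int]] = frozenset()


def _under(path: str, root: str) -> bool:
    """True if the normalised path is `root` or beneath it ('..' cannot escape)."""
    return posixpath.commonpath([posixpath.normpath(path), root]) == root


def fs_allowed(policy: Policy, path: str, mode: str) -> bool:
    roots = policy.fs_write if mode == "write" else policy.fs_read
    return any(_under(path, r) for r in roots)


def net_allowed(policy: Policy, host: str, port: int) -> bool:
    return (host, port) in policy.egress


# Constructed sample: two sandboxes on one gateway, each declared separately.
POLICIES: dict[str, Policy] = {
    "agent-a": Policy(fs_read=frozenset({"/workspace"}),
                      fs_write=frozenset({"/workspace/out"}),
                      egress=frozenset({("api.example.test", 443)})),
    "agent-b": Policy(fs_read=frozenset({"/datasets"})),
}


def set_policy(sandbox: str, policy: Policy) -> None:
    """Replace one sandbox's policy only (the hot-reload case); others untouched."""
    POLICIES[sandbox] = policy


def check(sandbox: str, kind: str, *args) -> bool:
    """Judge one request against the named sandbox's own policy, nothing else."""
    policy = POLICIES[sandbox]
    return fs_allowed(policy, *args) if kind == "fs" else net_allowed(policy, *args)
```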

Takeaway:

NVIDIA OpenShell enforces individual least-privilege policies per agent because each sandbox has its own independent policy declaration, with no permission inheritance from other sandboxes or from a global permission state.
