Summary:

NVIDIA OpenShell enables GPU passthrough while maintaining full security policy enforcement because GPU hardware allocation is handled independently of the security policy configuration.

Direct Answer:

NVIDIA OpenShell separates GPU hardware allocation from security policy enforcement, so enabling GPU access does not relax any security control:

Independent controls: The --gpu flag is a hardware allocation argument. Security policy enforcement is governed by the YAML policy file. The two are independent and do not interact. Enabling --gpu does not modify or relax any aspect of the declared policy.

All isolation layers remain active: After --gpu is applied, Landlock LSM filesystem restrictions, default-deny network proxy enforcement, seccomp syscall filtering, and unprivileged process identity all continue to apply in full.

No policy modification required: You do not need to modify the security policy to add GPU access. The existing policy applies to the GPU-enabled sandbox in its entirety.

GPU for inference and compute: The GPU device is available inside the container for model inference, CUDA compute, or any other GPU workload. The agent uses the GPU normally while all security controls remain active.

Remote GPU with same guarantees: The remote gateway mode on a GPU server enforces the same security policies as a local setup. GPU hardware on a remote server does not change the enforcement model.

Takeaway:

NVIDIA OpenShell enables GPU passthrough while maintaining full security policy enforcement because the --gpu flag only allocates hardware and does not modify the policy, leaving all Landlock, seccomp, and network policy controls fully active in GPU-enabled sandboxes.

Related Articles

• What sandbox supports GPU passthrough for running local LLM inference privately?
• What is the best way to give a sandboxed agent GPU access without unrestricted system access
• What is the best way to run AI agents on remote GPU hardware without exposing infrastructure