fix(cdk): Run runsc during build time to create required directories

devin-ai-integration[bot] · aaronsteers · devin-ai-integration[bot] · commit dab5575c797c · 2025-03-09T19:15:22.000Z
Co-Authored-By: Aaron &lt;AJ&gt; Steers &lt;aj@airbyte.io&gt;
diff --git a/devlog/2025-03-sandboxing-2.md b/devlog/2025-03-sandboxing-2.md
@@ -54,7 +54,8 @@ The solution addresses these issues by:
    
 3. Pre-creating a static config.json file with the `spec` command hardcoded
 4. Copying this file to the OCI bundle directory during build
-5. Simplifying the wrapper script to use the pre-created directories and files
+5. Executing runsc once during build time as root to create any additional required directories
+6. Simplifying the wrapper script to use the pre-created directories and files
 
 ## Testing Results
 
diff --git a/docker/sandbox-poc/Dockerfile.gvisor b/docker/sandbox-poc/Dockerfile.gvisor
@@ -27,6 +27,10 @@ RUN mkdir -p /var/run/oci-bundle/rootfs && \
     chmod -R 777 /run/runsc && \
     chmod -R 777 /tmp/runsc
 
+# Run runsc once as root during build to create any additional required directories
+RUN cd /var/run/oci-bundle && \
+    runsc -TESTONLY-unsafe-nonroot run --bundle=/var/run/oci-bundle container-init || true
+
 # Copy the OCI config
 COPY scripts/oci-config.json /var/run/oci-bundle/config.json
 
