
fix(deps): update ghcr.io/codize-dev/nsjail:latest docker digest to a4131e2#51

Merged: koki-develop merged 1 commit into main from renovate/ghcr.io-codize-dev-nsjail-latest on Apr 18, 2026

Conversation

@renovate (renovate bot, Contributor) commented Apr 18, 2026

This PR contains the following updates:

Package: ghcr.io/codize-dev/nsjail
Type: stage
Update: digest
Change: c200a59 -> a4131e2

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR was generated by Mend Renovate. View the repository job log.

@github-actions (bot) commented

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

This PR updates the ghcr.io/codize-dev/nsjail Docker base image from digest c200a59 (built 2026-03-08) to a4131e2 (built 2026-04-17), spanning 114 commits over approximately 40 days of upstream development.

Major Changes:

  • nstun - New User-Mode Networking Stack: A completely new experimental networking stack was added as an alternative to pasta, providing lightweight IP-level connectivity via a TUN device with a NAT proxy, supporting TCP/UDP/ICMP with configurable firewall rules and SOCKS5 encapsulation
  • Seccomp User Notification (SECCOMP_RET_USER_NOTIF): New telemetry system that monitors and logs sandboxed filesystem and network operations via async worker thread and protobuf-based reporting (optional feature, disabled by default)
  • Mount System Improvements: Enhanced new-mount API with better generic mount flag handling, EROFS error handling for read-only mounts, and consolidated errno-preserving helpers
  • Network Enhancements: pasta port forwarding improvements, IPv4/IPv6 enable/disable controls, network rules support, F_SEAL_FUTURE_WRITE for memfd sealing
  • Build Compatibility Fixes: musl libc compatibility (fixed prctl.h conflicts), missing include fixes, libnl3 made optional

Breaking Changes:

  • None that affect the sandbox service. The new features (nstun, seccomp user notification) are opt-in via CLI flags not used by this project
  • Network namespace configuration (clone_newnet, iface_no_lo) remains unchanged and fully compatible

Security Fixes:

  • nstun hardening: Multiple security improvements including checksum validation for UDP, IPv6 Authentication Header handling, SSRF protection via forged loopback/v4mapped destination blocking, MTU overflow prevention
  • Mount system: EROFS handling prevents potential issues with read-only filesystem operations
  • Seccomp: Fixed handling of repeated seccomp_string entries
  • Resource limits: Fixed inherited rlimit handling for CLI options

🎯 Impact Scope Investigation

Usage Location Identification:

  • The nsjail base image is used solely in Dockerfile:15 as the base stage for the sandbox container
  • The sandbox uses a static nsjail configuration at internal/sandbox/configs/nsjail.cfg with:
    • clone_newnet: true - Network isolation enabled
    • iface_no_lo: true - Loopback disabled
    • Standard seccomp policy via /etc/nsjail/seccomp.kafel
    • No pasta, nstun, or user notification features enabled

Configuration Impact:

  • The sandbox configuration file remains 100% compatible - no syntax or semantic changes required
  • Network isolation settings are unaffected
  • Seccomp filtering continues to work identically (no changes to SECCOMP_RET_KILL/ALLOW behavior)
  • All mount directives remain supported

Dependency Impact:

  • Base Debian bookworm-slim layer unchanged
  • No changes to system libraries or runtime dependencies required by the sandbox
  • The new optional features (nstun, libnl3) don't affect the container when unused

Testing Results:

  • ✅ Docker build completes successfully with new image
  • ✅ All unit tests pass: go test ./...
  • ✅ All E2E tests pass (86.207s runtime): API validation, all runtimes (bash, go, node, python, ruby, rust), security tests
  • ✅ Health check confirms server operational

💡 Recommended Actions

No action required. This update can be merged immediately.

Verification Steps Completed:

  1. ✅ Analyzed 114 commits between old and new image versions
  2. ✅ Confirmed no breaking changes to nsjail configuration format or CLI interface
  3. ✅ Verified new features are opt-in and don't affect default behavior
  4. ✅ Built and tested container with new base image
  5. ✅ Ran complete E2E test suite - all tests passing

Optional Future Considerations:

  • The new seccomp user notification feature could be evaluated for enhanced security telemetry in a future update (requires enabling --seccomp_unotify flag)
  • The nstun networking stack remains experimental and is not recommended for production use

🔗 Reference Links

Generated by koki-develop/claude-renovate-review

@koki-develop koki-develop merged commit 3406da9 into main Apr 18, 2026
7 of 8 checks passed
@koki-develop koki-develop deleted the renovate/ghcr.io-codize-dev-nsjail-latest branch April 18, 2026 01:30