DevRadar
šŸŒ Nvidia Ai DevSignificant

NVIDIA OpenShell v0.0.34 Introduces Live Sandbox Policy Updates

NVIDIA OpenShell v0.0.34 release with several substantive changes to the VM installation and sandbox policy system. Key changes: install-vm now handles gateway and VM driver installation with new --driver-dir flag support; sandbox get command now displays active runtime policy; supervisor seccomp (secure computing mode) security improvements; HTTP normalization added; sandbox policies can now be updated without restarting the runtime. These are genuine CLI/API workflow changes affecting how developers manage containers and VMs in NVIDIA's development environment.

NVIDIA AI DeveloperTuesday, April 21, 2026Original source
#OpenSource#CLI#Security#Containers#DevTools

NVIDIA OpenShell v0.0.34 Introduces Live Sandbox Policy Updates

Summary

OpenShell v0.0.34 enables dynamic sandbox policy updates without runtime restartsā€”a significant workflow improvement for developers managing containers and VMs. The release also overhauls the install-vm command with gateway/VM driver installation support and adds supervisor seccomp hardening.

Integration Strategy

When to Use This?

Primary Use Cases:

  • Development environments requiring frequent policy iteration (security testing, compliance validation)
  • CI/CD pipelines managing ephemeral container/VM resources
  • Multi-tenant sandbox environments with dynamic policy requirements
  • Workloads requiring strict syscall control (high-security container isolation)

How to Integrate?

Upgrade Path:

# Standard update via package manager or direct binary replacement
# Verify version
openshell --version  # Should return 0.0.34

# Check active policy (new command)
sandbox get

# Install VM with driver directory
install-vm --driver-dir /opt/nvidia/drivers

API Compatibility: No breaking changes reported. The --driver-dir flag is additive; existing install-vm invocations remain functional (inferred).

Migration Considerations:

  • Existing sandbox configurations remain valid
  • Policy update workflows shift from restart-based to live-update patterns
  • Supervisor HTTP behavior changes may affect custom request handling (test before production deployment)

Compatibility

  • Target Environment: NVIDIA container/VM development ecosystems
  • Operating System: Linux primary (inferred; seccomp is Linux-specific)
  • Dependencies: No external dependency changes documented
  • Backward Compatibility: Confirmed (no breaking changes noted)

Source: @NVIDIAAIDev Reference: NVIDIA/OpenShell Releases - v0.0.34 Published: November 2024 (approximate) DevRadar Analysis Date: 2026-04-21