Appearance
Hardening Validation
Use this section to validate host isolation, process isolation, policy integrity, and file system controls. These pages contain concrete procedures and evidence requirements.
Overview
- Validate that sandboxed apps cannot alter host state or escape isolation boundaries.
- Confirm child processes inherit denials (network, data motion, devices).
- Prove policy integrity (signature, rollback protection, offline posture).
- Validate Files tab Storage Contexts (
runtime.files.contexts) and file system bypass prevention.
Controls Catalog
- Policy surfaces:
runtime.files.contexts,runtime.security. - Adversarial focus: file system access, host modification, policy tampering.
Evidence Standards
- Required audit fields per test:
category,action,outcome,integrity.hash,rule.id.
