Skip to content

Hardening Validation

Use this section to validate host isolation, process isolation, policy integrity, and file system controls. These pages contain concrete procedures and evidence requirements.

Overview

  • Validate that sandboxed apps cannot alter host state or escape isolation boundaries.
  • Confirm child processes inherit denials (network, data motion, devices).
  • Prove policy integrity (signature, rollback protection, offline posture).
  • Validate Files tab Storage Contexts (runtime.files.contexts) and file system bypass prevention.

Controls Catalog

  • Policy surfaces: runtime.files.contexts, runtime.security.
  • Adversarial focus: file system access, host modification, policy tampering.

Evidence Standards

  • Required audit fields per test: category, action, outcome, integrity.hash, rule.id.

In This Section