Microsandbox /.msb Runtime Disk Quota
When a sandbox runtime path such as /.msb is host-backed and unbounded, guest writes can consume host disk even when other guest paths have quotas. The fix needs evidence from both sides: guest du/df, host bytes, deleted-open files, and a clear do-not-delete boundary for runtime state.
Runbook: Prove The Host-Backed Bytes
- Identify the `/.msb` mount type and backing path before deleting anything. A runtime directory can contain overlays, rootfs state, sockets, metadata, or bind-mounted host storage.
- Measure guest bytes with both `du` and `df`. A large gap usually means filesystem metadata, hidden mount contents, deleted-open files, reserved blocks, overlay lower/upper layers, or host-side sparse allocation.
- Measure the host path at the same time. The important question is whether a guest write increases host disk usage one-for-one or through sparse/metadata amplification.
- Check deleted-open files from inside the guest if tools are available. If a process still holds an unlinked file, `du` can drop while `df` stays high.
- Add an explicit quota boundary for `/.msb`, not only `/workspace`, `/tmp`, or the OCI overlay upperdir.
- Keep cleanup plan separate from quota policy. Quota prevents future host exhaustion; cleanup decides which stale runtime artifacts can be removed safely.
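The `du`/`df` reconciliation from the runbook, as an added Python example (not Microsandbox code): it reports filesystem used bytes, `du -x` style allocated bytes, and bytes pinned by deleted-open files found through `/proc`, which also covers guests without `lsof`. The function names are this example's own, and it assumes Linux `/proc` and enough privilege (normally root in the guest) to read other processes' descriptors.

```python
import os

def _lstat(path):
    try:
        return os.lstat(path)
    except OSError:              # entry vanished mid-scan
        return None

def du_bytes(root):
    """Allocated bytes below root on root's own filesystem (like du -x)."""
    dev, seen, total = os.lstat(root).st_dev, set(), 0
    for dirpath, dirnames, filenames in os.walk(root):
        stats = {n: _lstat(os.path.join(dirpath, n)) for n in dirnames + filenames}
        # Do not descend into other filesystems mounted below root.
        dirnames[:] = [d for d in dirnames if stats[d] and stats[d].st_dev == dev]
        for st in stats.values():
            if st and st.st_dev == dev and (st.st_dev, st.st_ino) not in seen:
                seen.add((st.st_dev, st.st_ino))      # count hard links once
                total += st.st_blocks * 512           # st_blocks is in 512-byte units
    return total

def deleted_open(prefix, proc="/proc"):
    """Map (dev, inode) -> (allocated bytes, path) for unlinked files still open."""
    want, found = prefix.rstrip("/") + "/", {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:          # process exited, or not ours to inspect
            continue
        for fd in fds:
            link = os.path.join(fd_dir, fd)
            try:
                target, st = os.readlink(link), os.stat(link)  # stat follows to the open inode
            except OSError:
                continue
            if st.st_nlink == 0 and target.startswith(want):   # same test as lsof +L1
                found[(st.st_dev, st.st_ino)] = (st.st_blocks * 512, target)
    return found

def reconcile(mountpoint):
    """Split df 'used' into du-visible, deleted-open, and unexplained bytes."""
    vfs = os.statvfs(mountpoint)
    df_used = (vfs.f_blocks - vfs.f_bfree) * vfs.f_frsize
    du = du_bytes(mountpoint)
    held = sum(size for size, _ in deleted_open(mountpoint).values())
    return {"df_used": df_used, "du": du, "deleted_open": held,
            "unexplained": df_used - du - held}

if __name__ == "__main__":
    print(reconcile("/.msb"))    # path taken from this page
```

A large `unexplained` value points at the remaining causes the runbook lists: metadata, hidden mount contents, reserved blocks, overlay layers, or sparse allocation.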
Copy-ready issue reply
Use this for /.msb quota and du/df mismatch reports.
This keeps the discussion focused on read-only evidence, host pressure, and runtime-safe cleanup boundaries.
I would treat `/.msb` as a separate host-backed runtime filesystem, not as part of the normal guest quota surface.
Before adding cleanup, I would capture one read-only evidence block:
```
mount | grep ' /.msb '
findmnt -T /.msb -o TARGET,SOURCE,FSTYPE,OPTIONS
df -h /.msb
df -i /.msb
du -xhd1 /.msb 2>/dev/null | sort -h
lsof +L1 2>/dev/null | grep '/.msb' || true
```
Then compare that with the host-side backing directory at the same timestamps. If host usage increases with guest writes, `/.msb` needs its own quota/admission setting, for example `msb_size_mib`, because `/workspace`, `/tmp`, and overlay upper limits do not protect the host from this path.
For cleanup safety, I would not delete `/.msb` broadly. First separate runtime metadata, rootfs/overlay layers, sockets, active sandbox state, and stale scratch files. The acceptance test should prove:
- writes beyond the configured `/.msb` quota fail with ENOSPC
- `du`/`df` deltas are explained or surfaced in diagnostics
- deleted-open files are reported separately
- cleanup removes only stale owned artifacts, never active rootfs/runtime state
Do Not Delete First
- The whole `/.msb` tree, rootfs layers, active overlay upperdirs, sockets, or runtime metadata.
- Host backing directories until sandbox processes are stopped and open file handles have been checked.
- Any file used as proof of the `du`/`df` discrepancy before the bug has a regression test.
- Workspace data or guest state that belongs to an active sandbox session.