E2B Orchestrator / Control Plane
Multi-tenant setup (Team 1, Team 2)
Firecracker (FC) runtime
Description:
I encountered unexpected cross-team sandbox interference when using the same base template across different teams.
Steps to reproduce:
In Team 1, create a sandbox (sandbox1) based on the basetemplate.
Start sandbox1, verify it is running, then pause it.
In Team 2, create another sandbox (sandbox2) using the same basetemplate.
Start sandbox2; confirm it is running correctly.
Return to Team 1 and resume the previously paused sandbox1.
Observed behavior:
After resuming sandbox1, sandbox2disappears from Team 2.
On the orchestrator node hosting the workload, the Firecracker process timestamp updates to the exact time when sandbox1was resumed.
It appears that resuming sandbox1is reusing or overwriting the Firecracker instance originally allocated to sandbox2.
Expected behavior:
Resuming a paused sandbox in Team 1 should not affect any sandboxes in Team 2.
Each sandbox should remain isolated per team and tenant.
The orchestrator should not reassign or recycle Firecracker processes across different tenants.
Impact:
Cross-tenant sandbox removal
Potential resource leakage
Breaks multi-tenant isolation guarantees
Please investigate whether sandbox lifecycle management (pause/resume) is incorrectly sharing Firecracker instances or node-level resources between teams when derived from the same base template.
E2B Orchestrator / Control Plane
Multi-tenant setup (Team 1, Team 2)
Firecracker (FC) runtime
Description:
I encountered unexpected cross-team sandbox interference when using the same base template across different teams.
Steps to reproduce:
In Team 1, create a sandbox (sandbox1) based on the basetemplate.
Start sandbox1, verify it is running, then pause it.
In Team 2, create another sandbox (sandbox2) using the same basetemplate.
Start sandbox2; confirm it is running correctly.
Return to Team 1 and resume the previously paused sandbox1.
Observed behavior:
After resuming sandbox1, sandbox2disappears from Team 2.
On the orchestrator node hosting the workload, the Firecracker process timestamp updates to the exact time when sandbox1was resumed.
It appears that resuming sandbox1is reusing or overwriting the Firecracker instance originally allocated to sandbox2.
Expected behavior:
Resuming a paused sandbox in Team 1 should not affect any sandboxes in Team 2.
Each sandbox should remain isolated per team and tenant.
The orchestrator should not reassign or recycle Firecracker processes across different tenants.
Impact:
Cross-tenant sandbox removal
Potential resource leakage
Breaks multi-tenant isolation guarantees
Please investigate whether sandbox lifecycle management (pause/resume) is incorrectly sharing Firecracker instances or node-level resources between teams when derived from the same base template.