Problem
Shared workspaces and caches allow cross-job state leakage and disk exhaustion attacks.
Proposed change
Replace shared /tmp/tako-vm-jobs with:
- per-job ephemeral volumes
- persistent volumes only via explicit opt-in job types
Acceptance criteria
- No shared writable filesystem between jobs.
- Jobs are fully cleaned up after execution.
Problem
Shared workspaces and caches allow cross-job state leakage and disk exhaustion attacks.
Proposed change
Replace shared
/tmp/tako-vm-jobswith:Acceptance criteria