Launch policies override the VM metadata variables
set by workload operators to restrict malicious actions. A workload author can
set policies with a label
as part of building their container image.
A comma-separated string of permitted environment variable names that
are allowed to be set by a workload operator with
tee-env-ENVIRONMENT_VARIABLE_NAME
metadata values.
tee.launch_policy.allow_mount_destinations
Interacts with:
Workload operator: The
tee-mount
metadata variable.
Colon-separated string
A colon-separated string of permitted mount directories the workload
operator is allowed to mount to using tee-mount.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eLaunch policies, set by workload authors, override VM metadata variables to prevent malicious actions, using labels in \u003ccode\u003eDockerfile\u003c/code\u003e or Bazel BUILD files.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003etee.launch_policy.allow_cmd_override\u003c/code\u003e policy determines if the \u003ccode\u003eCMD\u003c/code\u003e in a container's \u003ccode\u003eDockerfile\u003c/code\u003e can be overridden by a workload operator via the \u003ccode\u003etee-cmd\u003c/code\u003e metadata variable.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003etee.launch_policy.allow_env_override\u003c/code\u003e policy allows workload operators to set specific environment variables using \u003ccode\u003etee-env-\u003c/code\u003e metadata variables, with a comma-separated list of permitted names.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003etee.launch_policy.allow_mount_destinations\u003c/code\u003e policy defines a colon-separated string of allowed mount directories for workload operators using the \u003ccode\u003etee-mount\u003c/code\u003e variable.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003etee.launch_policy.monitoring_memory_allow\u003c/code\u003e policy controls workload memory usage monitoring when the \u003ccode\u003etee-memory-monitoring-enable\u003c/code\u003e variable is true, offering options like \u003ccode\u003edebugonly\u003c/code\u003e, \u003ccode\u003ealways\u003c/code\u003e, or \u003ccode\u003enever\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# Launch policies\n\n[Workload author](/confidential-computing/confidential-space/docs/confidential-space-overview#roles)\n\n*** ** * ** ***\n\nLaunch policies override the [VM metadata variables](/confidential-computing/confidential-space/docs/reference/metadata-variables#metadata-variables)\nset by workload operators to restrict malicious actions. A workload author can\nset policies with a [label](https://docs.docker.com/engine/reference/builder/#label)\nas part of building their container image.\n\nFor example, in a `Dockerfile`: \n\n LABEL \"tee.launch_policy.allow_cmd_override\"=\"true\"\n\nIn a Bazel BUILD file: \n\n container_image(\n ...\n labels={\"tee.launch_policy.allow_cmd_override\":\"true\"}\n ...\n )\n\nThe available launch policies are in the following table:"]]
