feat(sandbox): block container namespace joins by default

2026-05-08 17:58:28 +00:00 · 2026-02-24 23:19:48 +00:00
parent ccbeb332e0
commit 14b6eea6e3
17 changed files with 253 additions and 18 deletions
--- a/src/agents/sandbox-create-args.test.ts
+++ b/src/agents/sandbox-create-args.test.ts
@@ -181,6 +181,12 @@ describe("buildSandboxCreateArgs", () => {
      cfg: createSandboxConfig({ network: "host" }),
      expected: /network mode "host" is blocked/,
    },
+    {
+      name: "network container namespace join",
+      containerName: "openclaw-sbx-container-network",
+      cfg: createSandboxConfig({ network: "container:peer" }),
+      expected: /network mode "container:peer" is blocked by default/,
+    },
    {
      name: "seccomp unconfined",
      containerName: "openclaw-sbx-seccomp",
@@ -271,4 +277,18 @@ describe("buildSandboxCreateArgs", () => {
    });
    expect(args).toEqual(expect.arrayContaining(["-v", "/tmp/override:/workspace:rw"]));
  });
+
+  it("allows container namespace join with explicit dangerous override", () => {
+    const cfg = createSandboxConfig({
+      network: "container:peer",
+      dangerouslyAllowContainerNamespaceJoin: true,
+    });
+    const args = buildSandboxCreateArgs({
+      name: "openclaw-sbx-container-network-override",
+      cfg,
+      scopeKey: "main",
+      createdAtMs: 1700000000000,
+    });
+    expect(args).toEqual(expect.arrayContaining(["--network", "container:peer"]));
+  });
 });