refactor(sandbox): centralize network mode policy helpers

Peter Steinberger
2026-02-24 23:26:46 +00:00
parent 14b6eea6e3
commit 5552f9073f
7 changed files with 78 additions and 19 deletions


@@ -1,5 +1,8 @@
import { describe, expect, it } from "vitest";
import { resolveSandboxBrowserConfig } from "../agents/sandbox/config.js";
import {
resolveSandboxBrowserConfig,
resolveSandboxDockerConfig,
} from "../agents/sandbox/config.js";
import { validateConfigObject } from "./config.js";
describe("sandbox docker config", () => {
@@ -84,6 +87,22 @@ describe("sandbox docker config", () => {
expect(res.ok).toBe(true);
});
it("uses agent override precedence for dangerouslyAllowContainerNamespaceJoin", () => {
const inherited = resolveSandboxDockerConfig({
scope: "agent",
globalDocker: { dangerouslyAllowContainerNamespaceJoin: true },
agentDocker: {},
});
expect(inherited.dangerouslyAllowContainerNamespaceJoin).toBe(true);
const overridden = resolveSandboxDockerConfig({
scope: "agent",
globalDocker: { dangerouslyAllowContainerNamespaceJoin: true },
agentDocker: { dangerouslyAllowContainerNamespaceJoin: false },
});
expect(overridden.dangerouslyAllowContainerNamespaceJoin).toBe(false);
});
it("rejects seccomp unconfined via Zod schema validation", () => {
const res = validateConfigObject({
agents: {