mrtoth/agent-sandbox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Stop overriding the sandbox hostname

Browse Source 
Setting --hostname sandbox inside the UTS namespace was purely cosmetic
(a label for interactive shells) and provided no isolation beyond what
--unshare-uts already gives. It also caused codex to hang for ~5s on
startup: glibc resolved the unknown "sandbox" name via systemd-resolved
and waited through two DNS retry timeouts before giving up.

Dropping the override lets the sandbox inherit the host's hostname,
which already resolves locally, eliminating the stall.
This commit is contained in:
Kristóf Tóth
2026-04-27 21:08:05 +02:00
parent 105eafef2e
commit 1165aea9aa
3 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+1 -1
View File
@@ -18,7 +18,7 @@ The threat model is prompt injection and accidental damage, not a determined att
### Hardening
`--hardened` unshares the IPC, PID, and UTS namespaces and sets the hostname to `sandbox`. This is independent of the filesystem mode and can be combined with either. Whitelist mode enables it unconditionally; blacklist mode leaves it off by default. Use `--no-hardened` to override a config-file `hardened = true` (note: it cannot disable the implicit hardening that comes with whitelist mode).
`--hardened` unshares the IPC, PID, and UTS namespaces. This is independent of the filesystem mode and can be combined with either. Whitelist mode enables it unconditionally; blacklist mode leaves it off by default. Use `--no-hardened` to override a config-file `hardened = true` (note: it cannot disable the implicit hardening that comes with whitelist mode).
### Network
src/cli.rs
+1 -1
View File
@@ -18,7 +18,7 @@ pub struct Args {
#[arg(long)]
pub whitelist: bool,
/// Harden: unshare IPC, PID, UTS namespaces and set hostname to "sandbox" (implied by --whitelist)
/// Harden: unshare IPC, PID, UTS namespaces (implied by --whitelist)
#[arg(long, overrides_with = "no_hardened")]
pub hardened: bool,
src/sandbox.rs
-1
View File
@@ -13,7 +13,6 @@ pub fn build_command(config: &SandboxConfig) -> Result<Command, SandboxError> {
if hardened {
cmd.args(["--unshare-ipc", "--unshare-pid", "--unshare-uts"]);
cmd.args(["--hostname", "sandbox"]);
}
if config.unshare_net {
cmd.arg("--unshare-net");