From 1165aea9aa1157e229265c0f0109bc141f07a002 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krist=C3=B3f=20T=C3=B3th?=
Date: Mon, 27 Apr 2026 21:08:05 +0200
Subject: [PATCH] Stop overriding the sandbox hostname

Setting --hostname sandbox inside the UTS namespace was purely cosmetic (a label for interactive shells) and provided no isolation beyond what --unshare-uts already gives. It also caused codex to hang for ~5s on startup: glibc resolved the unknown "sandbox" name via systemd-resolved and waited through two DNS retry timeouts before giving up. Dropping the override lets the sandbox inherit the host's hostname, which already resolves locally, eliminating the stall.
---
 README.md | 2 +-
 src/cli.rs | 2 +-
 src/sandbox.rs | 1 -
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 032f57b..a62654f 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ The threat model is prompt injection and accidental damage, not a determined att
 ### Hardening
-`--hardened` unshares the IPC, PID, and UTS namespaces and sets the hostname to `sandbox`. This is independent of the filesystem mode and can be combined with either. Whitelist mode enables it unconditionally; blacklist mode leaves it off by default. Use `--no-hardened` to override a config-file `hardened = true` (note: it cannot disable the implicit hardening that comes with whitelist mode).
+`--hardened` unshares the IPC, PID, and UTS namespaces. This is independent of the filesystem mode and can be combined with either. Whitelist mode enables it unconditionally; blacklist mode leaves it off by default. Use `--no-hardened` to override a config-file `hardened = true` (note: it cannot disable the implicit hardening that comes with whitelist mode).
 ### Network
diff --git a/src/cli.rs b/src/cli.rs
index 39bbdcf..bdb49c9 100644
--- a/src/cli.rs
+++ b/src/cli.rs
@@ -18,7 +18,7 @@ pub struct Args {
 #[arg(long)]
 pub whitelist: bool,
- /// Harden: unshare IPC, PID, UTS namespaces and set hostname to "sandbox" (implied by --whitelist)
+ /// Harden: unshare IPC, PID, UTS namespaces (implied by --whitelist)
 #[arg(long, overrides_with = "no_hardened")]
 pub hardened: bool,
diff --git a/src/sandbox.rs b/src/sandbox.rs
index 62f1a49..63af62f 100644
--- a/src/sandbox.rs
+++ b/src/sandbox.rs
@@ -13,7 +13,6 @@ pub fn build_command(config: &SandboxConfig) -> Result {
 if hardened {
 cmd.args(["--unshare-ipc", "--unshare-pid", "--unshare-uts"]);
- cmd.args(["--hostname", "sandbox"]);
 }
 if config.unshare_net {
 cmd.arg("--unshare-net");
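Review bot: With the `--hostname` line gone, the `if hardened` block in src/sandbox.rs no longer records why the UTS namespace is unshared without a name being set, so a future contributor is likely to reintroduce the override and the startup stall the commit message describes. A one-line comment above `cmd.args(["--unshare-ipc", "--unshare-pid", "--unshare-uts"]);` keeps that rationale next to the code: `// UTS is unshared but the hostname is deliberately left as the host's: an explicit --hostname that did not resolve made glibc stall on startup`. It would also help to say in that comment that the host's hostname is consequently visible inside the sandbox, since the README hunk now describes UTS unsharing only and a reader may assume the sandbox is anonymised. build_command starts before this hunk and continues after it.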