Ensure passing relative paths to CLI works

2026-03-20 21:36:55 +01:00
parent 94535b20d3
commit 4112288a30
2 changed files with 66 additions and 4 deletions
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,5 +1,5 @@
 use std::ffi::{OsStr, OsString};
-use std::path::PathBuf;
+use std::path::{Path, PathBuf};
 use std::process;

 use clap::Parser;
@@ -67,8 +67,16 @@ fn main() {
        mode,
        hardened: args.hardened,
        no_net: args.no_net,
-        extra_rw: args.extra_rw,
-        extra_ro: args.extra_ro,
+        extra_rw: args
+            .extra_rw
+            .iter()
+            .map(|p| canonicalize_or_exit(p))
+            .collect(),
+        extra_ro: args
+            .extra_ro
+            .iter()
+            .map(|p| canonicalize_or_exit(p))
+            .collect(),
        command,
        command_args,
        chdir,
@@ -104,7 +112,7 @@ fn assert_binary_exists(name: &OsStr) -> PathBuf {

 fn assert_chdir(explicit: Option<PathBuf>) -> PathBuf {
    if let Some(p) = explicit {
-        return p;
+        return canonicalize_or_exit(&p);
    }
    match std::env::current_dir() {
        Ok(p) => p,
@@ -118,6 +126,13 @@ fn assert_chdir(explicit: Option<PathBuf>) -> PathBuf {
    }
 }

+fn canonicalize_or_exit(p: &Path) -> PathBuf {
+    std::fs::canonicalize(p).unwrap_or_else(|e| {
+        eprintln!("error: cannot resolve path '{}': {e}", p.display());
+        process::exit(1);
+    })
+}
+
 fn resolve_binary(name: &OsStr) -> Option<PathBuf> {
    let path = PathBuf::from(name);
    if path.is_absolute() || path.components().count() > 1 {
--- a/tests/integration.rs
+++ b/tests/integration.rs
@@ -237,6 +237,53 @@ fn blacklist_overlays_survive_tmp_bind() {
    );
 }

+#[test]
+fn relative_chdir_works() {
+    let output = sandbox(&["--chdir", "src"])
+        .args(["--", "bash", "-c", "pwd"])
+        .output()
+        .expect("agent-sandbox binary failed to execute");
+
+    assert!(
+        output.status.success(),
+        "relative --chdir should work, stderr: {}",
+        String::from_utf8_lossy(&output.stderr)
+    );
+    let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string();
+    assert!(
+        stdout.ends_with("/src"),
+        "expected cwd ending in /src, got: {stdout}"
+    );
+}
+
+#[test]
+fn relative_rw_path_works() {
+    let output = sandbox(&["--rw", "src"])
+        .args(["--", "bash", "-c", "echo ok"])
+        .output()
+        .expect("agent-sandbox binary failed to execute");
+
+    assert!(
+        output.status.success(),
+        "relative --rw should work, stderr: {}",
+        String::from_utf8_lossy(&output.stderr)
+    );
+}
+
+#[test]
+fn relative_ro_path_works() {
+    let output = sandbox(&["--ro", "src"])
+        .args(["--", "bash", "-c", "echo ok"])
+        .output()
+        .expect("agent-sandbox binary failed to execute");
+
+    assert!(
+        output.status.success(),
+        "relative --ro should work, stderr: {}",
+        String::from_utf8_lossy(&output.stderr)
+    );
+}
+
 #[test]
 fn rw_missing_path_errors() {
    let output = sandbox(&["--rw", "/nonexistent/xyz"])