Canonicalize blacklist overlay paths to skirt /var/run symlink

tests/integration.rs

@@ -1393,6 +1393,47 @@ fn seccomp_bash_pthread_fallback_works() {
     );
 }
 
+#[test]
+fn blacklist_overlays_survive_absolute_var_run_symlink() {
+    // On Debian/Ubuntu, /var/run -> /run is an absolute symlink; overlays
+    // like --tmpfs /var/run/dbus trip bwrap's re-rooted symlink resolution.
+    // Arch ships /var/run -> ../run (relative) so we synthesize the absolute
+    // layout inside the sandbox to reproduce on any host.
+    let mut bwrap_args = build_bwrap_command(&["--no-seccomp", "--", "true"]);
+    inject_absolute_var_run_symlink(&mut bwrap_args);
+
+    let output = Command::new(&bwrap_args[0])
+        .args(&bwrap_args[1..])
+        .output()
+        .expect("failed to invoke bwrap directly");
+
+    assert!(
+        output.status.success(),
+        "bwrap failed — an overlay target traverses an absolute /var/run symlink.\n\
+         stderr: {}",
+        String::from_utf8_lossy(&output.stderr),
+    );
+}
+
+fn build_bwrap_command(sandbox_args: &[&str]) -> Vec<String> {
+    let output = sandbox(&["--dry-run"])
+        .args(sandbox_args)
+        .output()
+        .expect("agent-sandbox binary failed to execute");
+    let cmd = String::from_utf8_lossy(&output.stdout);
+    let parsed = shlex::split(cmd.trim()).expect("dry-run output is not valid shell");
+    assert_eq!(parsed[0], "bwrap");
+    parsed
+}
+
+fn inject_absolute_var_run_symlink(bwrap_args: &mut Vec<String>) {
+    assert_eq!(bwrap_args[1], "--ro-bind");
+    assert_eq!(bwrap_args[2], "/");
+    assert_eq!(bwrap_args[3], "/");
+    let flags = ["--tmpfs", "/var", "--symlink", "/run", "/var/run"].map(String::from);
+    bwrap_args.splice(4..4, flags);
+}
+
 #[test]
 fn seccomp_blocks_tiocsti() {
     // TIOCSTI (0x5412) injects keystrokes into the terminal input queue.