Bind symlinked rw/ro paths at the user-written destination

Canonicalizing rw/ro paths in the config layer resolved symlinks before the sandbox was built, so a symlinked entry only appeared at its target's location -- never at the path the user wrote. Stop canonicalizing rw/ro at the config layer and instead resolve only the source side of the bind in sandbox.rs.
2026-04-07 17:45:38 +02:00
parent f0711f2894
commit 83bd4305c7
3 changed files with 91 additions and 11 deletions
--- a/tests/integration.rs
+++ b/tests/integration.rs
@@ -796,6 +796,28 @@ fn config_command_replaced_by_passthrough() {
    );
 }

+#[test]
+fn whitelist_ro_symlink_visible_at_link_path() {
+    let dir = TempDir::new().unwrap();
+    let target = dir.path().join("target.txt");
+    let link = dir.path().join("link.txt");
+    fs::write(&target, "hello from target").expect("failed to write target");
+    std::os::unix::fs::symlink(&target, &link).expect("failed to create symlink");
+    let link_str = link.to_str().unwrap();
+
+    let output = sandbox(&["--whitelist", "--ro", link_str])
+        .args(["--", "cat", link_str])
+        .output()
+        .expect("agent-sandbox binary failed to execute");
+
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    assert!(
+        stdout.contains("hello from target"),
+        "expected symlink path to be readable inside sandbox, got stdout: {stdout}, stderr: {}",
+        String::from_utf8_lossy(&output.stderr)
+    );
+}
+
 #[test]
 fn mask_nonexistent_path_becomes_tmpfs() {
    let dir = TempDir::new().unwrap();