Let --rw override --ro on a child path by emitting ro binds first

src/sandbox.rs

@@ -28,13 +28,13 @@ pub fn build_command(config: &SandboxConfig) -> Result<Command, SandboxError> {
         cmd.arg("--bind-try").arg(&path).arg(&path);
     }
 
+    for path in &config.extra_ro {
+        add_ro_bind(&mut cmd, path)?;
+    }
     add_rw_bind(&mut cmd, &config.chdir)?;
     for path in &config.extra_rw {
         add_rw_bind(&mut cmd, path)?;
     }
-    for path in &config.extra_ro {
-        add_ro_bind(&mut cmd, path)?;
-    }
 
     add_env_policy(&mut cmd, config);
     add_user_env_overrides(&mut cmd, config);

tests/integration.rs

@@ -210,6 +210,40 @@ fn extra_rw_mount() {
     );
 }
 
+#[test]
+fn rw_refines_ro_parent() {
+    let parent = TempDir::new().expect("failed to create temp dir");
+    let child = parent.path().join("sub");
+    fs::create_dir(&child).expect("failed to create sub dir");
+    fs::write(parent.path().join("top.txt"), "top").expect("write");
+    fs::write(child.join("inner.txt"), "inner").expect("write");
+    let parent_str = parent.path().to_str().unwrap();
+    let child_str = child.to_str().unwrap();
+
+    let output = sandbox(&["--ro", parent_str, "--rw", child_str])
+        .args([
+            "--",
+            "bash",
+            "-c",
+            &format!(
+                "touch {parent_str}/top_new 2>&1 || echo parent_ro; \
+                 touch {child_str}/child_new && echo child_rw"
+            ),
+        ])
+        .output()
+        .expect("agent-sandbox binary failed to execute");
+
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    assert!(
+        stdout.contains("parent_ro"),
+        "parent should be read-only, got: {stdout}"
+    );
+    assert!(
+        stdout.contains("child_rw"),
+        "child should be writable, got: {stdout}"
+    );
+}
+
 #[test]
 fn chdir_override() {
     let dir = TempDir::new().expect("failed to create temp dir");