fix(exec): fail closed when sandbox is unavailable and harden deny followups (#56800)

* fix(exec): fail closed when sandbox is unavailable and harden deny followups

* docs(changelog): note exec fail-closed fix
scoootscooob
2026-03-28 22:20:49 -07:00
committed by GitHub
parent d5e59621a7
commit 5d81b64343
14 changed files with 116 additions and 52 deletions


@@ -330,7 +330,6 @@ export function createExecTool(
logInfo(`exec: elevated command ${truncateMiddle(params.command, 120)}`);
}
const configuredHost = defaults?.host ?? "sandbox";
const sandboxHostConfigured = defaults?.host === "sandbox";
const requestedHost = normalizeExecHost(params.host) ?? null;
let host: ExecHost = requestedHost ?? configuredHost;
if (!elevatedRequested && requestedHost && requestedHost !== configuredHost) {
@@ -359,14 +358,11 @@ export function createExecTool(
}
const sandbox = host === "sandbox" ? defaults?.sandbox : undefined;
if (
host === "sandbox" &&
!sandbox &&
(sandboxHostConfigured || requestedHost === "sandbox")
) {
// Never fall through to direct host exec when the selected host was sandbox.
if (host === "sandbox" && !sandbox) {
throw new Error(
[
"exec host=sandbox is configured, but sandbox runtime is unavailable for this session.",
"exec host resolved to sandbox, but sandbox runtime is unavailable for this session.",
'Enable sandbox mode (`agents.defaults.sandbox.mode="non-main"` or `"all"`) or set tools.exec.host to "gateway"/"node".',
].join("\n"),
);