chore(server): always mount runtime volume on egress sidecar#1072
chore(server): always mount runtime volume on egress sidecar#1072Pangjiping wants to merge 4 commits into
Conversation
The shared /opt/opensandbox volume was only mounted on the egress sidecar when credential_proxy_enabled was true. When users enable transparent MITM manually via OPENSANDBOX_EGRESS_MITMPROXY_TRANSPARENT env var without credential proxy, the egress process exports its CA cert to /opt/opensandbox/mitmproxy-ca-cert.pem but the sandbox container's bootstrap.sh waits for that same path on a different filesystem, causing a timeout and HTTPS certificate validation failure. Mount the runtime volume unconditionally whenever the egress sidecar exists — the volume is already present in the pod spec from the execd init container, so this is a no-op for non-MITM scenarios. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Pangjiping
requested review from
Generalwin,
hittyt,
jwx0925 and
ninan-nn
as code owners
Pangjiping
changed the title
Mirror the Kubernetes change: create the shared runtime volume whenever an egress sidecar exists, not only when credential proxy is enabled. This ensures manual MITM via OPENSANDBOX_EGRESS_MITMPROXY_TRANSPARENT env var works in Docker mode — the CA cert can reach the sandbox container through the shared volume. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
OpenSandbox/server/opensandbox_server/services/docker/docker_service.py
Lines 893 to 895 in a8d1790
Avoid duplicate mounts at the runtime path
When a Docker sandbox uses networkPolicy and also supplies a request volume mounted at /opt/opensandbox, _build_volume_binds() has already added that user mount before this unconditional runtime bind is appended. That produces two Docker binds with the same destination, so network-policy sandboxes without credentialProxy that previously worked can now fail at container creation with a duplicate mount target; the runtime path should be reserved/validated or de-duplicated before appending this bind.
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
…time bind - _expire_sandbox() now reads SANDBOX_MANAGED_VOLUMES_LABEL and calls _cleanup_managed_volumes(), matching delete_sandbox() behavior. Previously runtime volumes leaked when sandboxes expired via timer. - Deduplicate runtime volume bind: skip appending the runtime mount if a user-supplied volume already targets /opt/opensandbox, avoiding Docker's duplicate mount target rejection. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
Re: "Avoid duplicate mounts at the runtime path" — Fixed in 221e99a. Before appending the runtime volume bind, we now check if any existing bind already targets |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 221e99afe6
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Substring check `:/opt/opensandbox` false-positives on paths like `/opt/opensandbox-cache`. Match `:/opt/opensandbox:` (with options suffix) or bind ending with `:/opt/opensandbox` (no options) instead. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2 participants
Summary
/opt/opensandboxshared volume on the egress sidecar, not just whencredential_proxy_enabled=TrueOPENSANDBOX_EGRESS_MITMPROXY_TRANSPARENT=truevia env without credential proxy → egress exports CA cert to shared volume → bootstrap.sh can read ittest_always_mounts_runtime_volumetestAddresses review feedback from #1069.
Test plan
test_always_mounts_runtime_volume— verifies volumeMount present without credential proxytest_contains_transparent_mitm_env_when_credential_proxy_enabled— still passes🤖 Generated with Claude Code