test(sandbox): add coverage for binds -v flag emission
This commit is contained in:
Aaron Konyer
committed by
Peter Steinberger
Peter Steinberger
parent
0b2b8c7c52
commit
583fc4fb11
@@ -91,4 +91,70 @@ describe("buildSandboxCreateArgs", () => {
|
||||
expect.arrayContaining(["nofile=1024:2048", "nproc=128", "core=0"]),
|
||||
);
|
||||
});
|
||||
|
||||
it("emits -v flags for custom binds", () => {
|
||||
const cfg: SandboxDockerConfig = {
|
||||
image: "clawdbot-sandbox:bookworm-slim",
|
||||
containerPrefix: "clawdbot-sbx-",
|
||||
workdir: "/workspace",
|
||||
readOnlyRoot: false,
|
||||
tmpfs: [],
|
||||
network: "none",
|
||||
capDrop: [],
|
||||
binds: [
|
||||
"/home/user/source:/source:rw",
|
||||
"/var/run/docker.sock:/var/run/docker.sock",
|
||||
],
|
||||
};
|
||||
|
||||
const args = buildSandboxCreateArgs({
|
||||
name: "clawdbot-sbx-binds",
|
||||
cfg,
|
||||
scopeKey: "main",
|
||||
createdAtMs: 1700000000000,
|
||||
});
|
||||
|
||||
expect(args).toContain("-v");
|
||||
const vFlags: string[] = [];
|
||||
for (let i = 0; i < args.length; i++) {
|
||||
if (args[i] === "-v") {
|
||||
const value = args[i + 1];
|
||||
if (value) vFlags.push(value);
|
||||
}
|
||||
}
|
||||
expect(vFlags).toContain("/home/user/source:/source:rw");
|
||||
expect(vFlags).toContain("/var/run/docker.sock:/var/run/docker.sock");
|
||||
});
|
||||
|
||||
it("omits -v flags when binds is empty or undefined", () => {
|
||||
const cfg: SandboxDockerConfig = {
|
||||
image: "clawdbot-sandbox:bookworm-slim",
|
||||
containerPrefix: "clawdbot-sbx-",
|
||||
workdir: "/workspace",
|
||||
readOnlyRoot: false,
|
||||
tmpfs: [],
|
||||
network: "none",
|
||||
capDrop: [],
|
||||
binds: [],
|
||||
};
|
||||
|
||||
const args = buildSandboxCreateArgs({
|
||||
name: "clawdbot-sbx-no-binds",
|
||||
cfg,
|
||||
scopeKey: "main",
|
||||
createdAtMs: 1700000000000,
|
||||
});
|
||||
|
||||
// Count -v flags that are NOT workspace mounts (workspace mounts are internal)
|
||||
const customVFlags: string[] = [];
|
||||
for (let i = 0; i < args.length; i++) {
|
||||
if (args[i] === "-v") {
|
||||
const value = args[i + 1];
|
||||
if (value && !value.includes("/workspace")) {
|
||||
customVFlags.push(value);
|
||||
}
|
||||
}
|
||||
}
|
||||
expect(customVFlags).toHaveLength(0);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -1020,6 +1020,11 @@ export function buildSandboxCreateArgs(params: {
|
||||
const formatted = formatUlimitValue(name, value);
|
||||
if (formatted) args.push("--ulimit", formatted);
|
||||
}
|
||||
if (params.cfg.binds?.length) {
|
||||
for (const bind of params.cfg.binds) {
|
||||
args.push("-v", bind);
|
||||
}
|
||||
}
|
||||
return args;
|
||||
}
|
||||
|
||||
@@ -1055,11 +1060,6 @@ async function createSandboxContainer(params: {
|
||||
`${params.agentWorkspaceDir}:${SANDBOX_AGENT_WORKSPACE_MOUNT}${agentMountSuffix}`,
|
||||
);
|
||||
}
|
||||
if (cfg.binds?.length) {
|
||||
for (const bind of cfg.binds) {
|
||||
args.push("-v", bind);
|
||||
}
|
||||
}
|
||||
args.push(cfg.image, "sleep", "infinity");
|
||||
|
||||
await execDocker(args);
|
||||
|
||||
Reference in New Issue
Block a user