mirror of
https://github.com/anthropic-experimental/sandbox-runtime.git
synced 2026-05-22 20:39:42 +08:00
When allowedDomains is set, the sandbox enters restricted network mode. The previous implementation used (allow network* (subpath "/")) to allow Unix sockets, but socket(AF_UNIX, SOCK_STREAM, 0) is a system-socket operation that doesn't reference a filesystem path, so (subpath ...) can't match it.

This caused Gradle (FileLockContentionHandler), Docker, and other tools that create Unix domain sockets to fail with:

    java.net.SocketException: Operation not permitted

The fix uses three explicit Seatbelt rules instead:

1. (allow system-socket (socket-domain AF_UNIX)) - for socket() creation
2. (allow network-bind (local unix-socket ...)) - for bind() operations
3. (allow network-outbound (remote unix-socket ...)) - for connect() operations

This properly separates the socket creation syscall (which has no path context) from the bind/connect operations (which reference paths).

Fixes: Gradle builds failing in sandbox with allowedDomains configured
Fixes: Docker socket failures in sandbox with allowedDomains configured