fix: document /etc/hosts sandbox issue and add bwrapExtraBinds config#1010
Open
Oxygen56 wants to merge 1 commit into
Open
fix: document /etc/hosts sandbox issue and add bwrapExtraBinds config#1010Oxygen56 wants to merge 1 commit into
Oxygen56 wants to merge 1 commit into
Conversation
When the SDK runs inside Docker with sandbox.enabled=True, bwrap may not expose /etc/hosts inside the sandbox filesystem namespace, causing localhost DNS resolution to fail. This breaks proxy connections (e.g., botocore credential fetching in AWS Bedrock AgentCore runtimes). Changes: - Add 'Known issue' documentation to SandboxSettings explaining the /etc/hosts problem and workarounds (disable sandbox or use excludedCommands) - Add bwrapExtraBinds field to SandboxSettings as a forward-looking config surface for specifying additional --ro-bind paths (e.g., /etc/hosts, /etc/resolv.conf) when the CLI adds support for this feature - Add test for bwrapExtraBinds passthrough The root fix requires a CLI update to explicitly bind-mount /etc/hosts in the bwrap command constructed by @anthropic-ai/sandbox-runtime. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes issue #861: When the SDK runs inside Docker with
sandbox.enabled=True, the bwrap sandbox does not expose/etc/hostsinside the isolated filesystem namespace, breakinglocalhostDNS resolution and proxy connections (e.g., botocore credential fetching in AWS Bedrock AgentCore).Root Cause
The bwrap command is constructed by the CLI via
@anthropic-ai/sandbox-runtime(seelinux-sandbox-utils.jswrapCommandWithSandboxLinux()). It uses--ro-bind / /as the base filesystem mount, but when running inside Docker with--unshare-user(triggered byenableWeakerNestedSandbox), container-managed files like/etc/hostsmay not propagate correctly into the sandbox namespaces. The permanent fix requires a CLI update to explicitly bind-mount/etc/hostsand/etc/resolv.conf.SDK Changes
Documentation: Added "Known issue" section to
SandboxSettingsdocstring explaining the problem and workarounds (disable sandbox or useexcludedCommands).bwrapExtraBindsconfig: Added a new optional field toSandboxSettingsthat allows specifying additional--ro-bindsource paths for the Linux bwrap sandbox. This is a forward-looking config surface — users can set["/etc/hosts", "/etc/resolv.conf"]for when the CLI adds support for this feature.Tests: Added
test_sandbox_with_bwrap_extra_bindsverifying the field passes through the--settingsJSON correctly.How Sandbox Config Flows
ClaudeAgentOptions.sandbox(Python SDK) →_build_settings_value()→--settings <JSON>(CLI flag) → CLI configures@anthropic-ai/sandbox-runtime→wrapCommandWithSandboxLinux()constructs bwrap args → bwrap executes command.The sandbox-runtime source analysis is in the PR description for reference.
Workaround (until CLI is fixed)
Or use excludedCommands: