fix(sandbox): prevent Windows PATH from poisoning docker exec (#13873)
* fix(sandbox): prevent Windows PATH from poisoning docker exec shell lookup On Windows hosts, `buildDockerExecArgs` passes the host PATH env var (containing Windows paths like `C:\Windows\System32`) to `docker exec -e PATH=...`. Docker uses this PATH to resolve the executable argument (`sh`), which fails because Windows paths don't exist in the Linux container — producing `exec: "sh": executable file not found in $PATH`. Two changes: - Skip PATH in the `-e` env loop (it's already handled separately via OPENCLAW_PREPEND_PATH + shell export) - Use absolute `/bin/sh` instead of bare `sh` to eliminate PATH dependency entirely Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * style: add braces around continue to satisfy linter Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix(test): update assertion to match /bin/sh in buildDockerExecArgs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Alessandro Rodi
@@ -76,7 +76,7 @@ describe("buildDockerExecArgs", () => {
|
||||
tty: false,
|
||||
});
|
||||
|
||||
expect(args).toContain("sh");
|
||||
expect(args).toContain("/bin/sh");
|
||||
expect(args).toContain("-lc");
|
||||
});
|
||||
|
||||
|
||||
Reference in New Issue
Block a user