zcbot/core/sandbox
caoqianming 4ff5b0c171 sandbox: host 侧 resolv.conf bind mount 覆盖容器 ro
docker 默 /etc/resolv.conf 是 ro mount(尤其 --read-only rootfs 下),
init.sh `cat > /etc/resolv.conf` 写不进。改主路径:

- SandboxPool._ensure_resolv_conf_file:host 侧 <workspace>/.sandbox/resolv.conf
  写公网 DNS(nameserver 8.8.8.8 / 114.114.114.114)
- _docker_run 加 -v <host>:/etc/resolv.conf:ro,user 指定 mount 优先级 > daemon
  默注入,直接覆盖 embedded DNS 127.0.0.11
- ZCBOT_DNS env 仍传给 init.sh 作 fallback(init.sh 已 robust 失败不退)

RUN.md 故障兜底两行(Read-only 报错根因 + 解法)。

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 12:21:05 +08:00
..
__init__.py Stage C 收尾包:资源 yaml + 磁盘配额 + 网络放开 + 容器内源持久化 2026-05-27 08:35:53 +08:00
check.py Stage C 收尾包:资源 yaml + 磁盘配额 + 网络放开 + 容器内源持久化 2026-05-27 08:35:53 +08:00
network.py Stage C 收尾包:资源 yaml + 磁盘配额 + 网络放开 + 容器内源持久化 2026-05-27 08:35:53 +08:00
pool.py sandbox: host 侧 resolv.conf bind mount 覆盖容器 ro 2026-05-27 12:21:05 +08:00
tool_runner.py Stage C Step 3d: fs 工具进容器 + DESIGN §7.5 #6 重写(物理边界替代代码护栏) 2026-05-26 21:56:41 +08:00