MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-03-16 09:01:17 -07:00
Code Issues Packages Projects Releases Wiki Activity

fix: address SandboxManager PR feedback

Browse Source 
- docs: Update tools.sandbox configuration type to boolean | string |
  object
- core: Add validation to ConfigSchema requiring a command when sandbox
  is enabled
- core: Remove redundant sandbox defaulting logic from Config
  constructor
- cli: Update LXC removeDevices exit listener to use spawnSync with
  SIGKILL to prevent hanging processes
- core: Integrate NoopSandboxManager into ShellExecutionService to
  correctly utilize sanitized environment
This commit is contained in:
galz10
2026-03-11 13:11:53 -07:00
parent 2ea7a67106
commit 450a331e36
4 changed files with 28 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
packages/cli/src/utils/sandbox.ts
View File

@@ -7,9 +7,9 @@
import {
exec,
execFile,
execFileSync,
execSync,
spawn,
spawnSync,
type ChildProcess,
} from 'node:child_process';
import path from 'node:path';
@@ -876,10 +876,10 @@ async function start_lxc_sandbox(
const removeDevices = () => {
for (const deviceName of devicesToRemove) {
try {
execFileSync(
spawnSync(
'lxc',
['config', 'device', 'remove', containerName, deviceName],
{ timeout: 2000 },
{ timeout: 1000, killSignal: 'SIGKILL', stdio: 'ignore' },
);
} catch {
// Best-effort cleanup; ignore errors on exit.