Skip to content

fix: add EACCES diagnostic + fallback for chroot hosts file write#6285

Merged
lpcox merged 5 commits into
mainfrom
fix/hosts-file-eacces-diagnostic-and-fallback
Jul 16, 2026
Merged

fix: add EACCES diagnostic + fallback for chroot hosts file write#6285
lpcox merged 5 commits into
mainfrom
fix/hosts-file-eacces-diagnostic-and-fallback

Conversation

@lpcox

@lpcox lpcox commented Jul 16, 2026

Copy link
Copy Markdown
Collaborator

Problem

Every Smoke CI run in github/gh-aw where the agent step executes fails with:

EACCES: permission denied, open '/tmp/awf-<ts>/chroot-<random>/hosts'

This has been happening 100% of the time since ~July 10 (AWF v0.27.29+). The error occurs in generateHostsFileMount() at hosts-file.ts:72fs.writeFileSync() fails immediately after fs.mkdtempSync() succeeds on the line above.

Tracked in: github/gh-aw#45720

Root Cause Analysis

Fix

  1. EACCES-specific catch around writeFileSync with diagnostic logging:

    • Process UID/GID
    • stat of the mkdtemp'd directory (ownership, permissions)
    • stat of the parent hostsRootDir
    • This will reveal the exact environmental cause on the next CI run
  2. Fallback: Write the hosts file directly in hostsRootDir (as chroot-hosts) instead of crashing. When useDockerHostStaging is false (the case in all failing runs), config.workDir is already a unique per-run directory, so the mkdtemp subdirectory is not required for isolation.

  3. Non-EACCES errors are re-thrown unchanged.

Tests

Added 3 new tests to hosts-file-branches.test.ts:

  • EACCES fallback produces valid mount string and creates the file
  • Non-EACCES errors (e.g., ENOENT) are re-thrown, not swallowed
  • Diagnostic warning is emitted with expected content (UID/GID, stat info)

The writeFileSync in generateHostsFileMount fails with EACCES on Ubuntu 24.04
GitHub Actions runners when writing inside a mkdtempSync-created subdirectory
of the AWF workDir. This has been causing 100% Smoke CI failures in gh-aw
since ~July 10 (AWF v0.27.29+).

The root cause is environmental (the same code path worked previously and
hasn't changed since May 23). The squid.conf write to the same workDir
succeeds, confirming the workDir itself is writable — only the file creation
inside the mkdtemp'd chroot-XXXXXX subdirectory fails.

Changes:
- Wrap writeFileSync in a try/catch with EACCES-specific handling
- On EACCES, emit a diagnostic warning with process UID/GID and stat info
  for both the mkdtemp'd directory and the parent hostsRootDir — this will
  reveal the exact environmental cause on the next CI run
- Fall back to writing the hosts file directly in hostsRootDir (as
  chroot-hosts) — config.workDir is already unique per run so the mkdtemp
  subdirectory is not required for isolation
- Non-EACCES errors are re-thrown unchanged
- Add 3 tests covering the fallback path, error re-throw, and diagnostic
  warning emission

Addresses: github/gh-aw#45720

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot-Session: b946b0b6-9ca4-47ae-ac6d-015374ba00a3
Copilot AI review requested due to automatic review settings July 16, 2026 00:07
Comment thread src/services/agent-volumes/hosts-file.ts Fixed
@github-actions

Copy link
Copy Markdown
Contributor

⚠️ Coverage Regression Detected

This PR decreases test coverage. Please add tests to maintain coverage levels.

Overall Coverage

Metric Base PR Delta
Lines 98.92% 98.95% 📈 +0.03%
Statements 98.86% 98.90% 📈 +0.04%
Functions 99.35% 99.35% ➡️ +0.00%
Branches 95.11% 95.06% 📉 -0.05%
📁 Per-file Coverage Changes (1 files)
File Lines (Before → After) Statements (Before → After)
src/log-directory-setup.ts 96.2% → 100.0% (+3.78%) 96.3% → 100.0% (+3.71%)

Coverage comparison generated by scripts/ci/compare-coverage.ts

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds diagnostics and a fallback for EACCES failures when creating the chroot hosts file.

Changes:

  • Logs UID/GID and directory metadata on EACCES.
  • Falls back to a hosts file in the root directory.
  • Adds fallback and error-handling tests.
Show a summary per file
File Description
src/services/agent-volumes/hosts-file.ts Adds EACCES diagnostics and fallback handling.
src/services/agent-volumes/hosts-file-branches.test.ts Tests fallback, diagnostics, and non-EACCES behavior.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 2/2 changed files
  • Comments generated: 1
  • Review effort level: Medium

Comment on lines +98 to +102
// Fallback: write hosts file directly in hostsRootDir (config.workDir is
// already unique per run, so a subdirectory is not required for isolation).
const fallbackPath = path.join(hostsRootDir, 'chroot-hosts');
fs.writeFileSync(fallbackPath, hostsContent, { mode: 0o644 });
return `${fallbackPath}:/host/etc/hosts:ro`;
@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

✅ Copilot review passed with no inline comments.

@lpcox Add the ready-for-aw label to this PR to trigger agentic CI smoke tests.

@lpcox

lpcox commented Jul 16, 2026

Copy link
Copy Markdown
Collaborator Author

@copilot address review feedback

Copilot AI commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

@copilot address review feedback

Fixed in the latest commit. The fallback is now gated behind !useDockerHostStaging: when staging mode is active the EACCES error is re-thrown rather than writing a fixed-name file into the shared hostsRootDir. In non-staging mode (where hostsRootDir === config.workDir, a unique per-run directory with mode 0o700) the fallback still applies, and now uses flag: 'wx' (O_EXCL) to prevent any symlink-based TOCTOU. Added a test that confirms EACCES in staging mode propagates without invoking the fallback write.

Copilot finished work on behalf of lpcox July 16, 2026 00:19
@lpcox

lpcox commented Jul 16, 2026

Copy link
Copy Markdown
Collaborator Author

@copilot also address the security findings

Copilot AI commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

@copilot also address the security findings

The CodeQL "Insecure temporary file" finding was already resolved in 6f4020b — the fallback writeFileSync now uses { flag: 'wx', mode: 0o644 } (O_EXCL), which prevents any symlink-based TOCTOU. Re-running CodeQL confirms 0 alerts.

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Smoke Copilot BYOK AOAI (Entra) reports failed. AOAI BYOK (Entra) mode investigation needed...

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Smoke Claude passed

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Smoke Gemini completed. All facets verified. 💎

Smoke test completed with FAIL status. Comment added to PR #6285.

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Chroot tests passed! Smoke Chroot - All security and functionality tests succeeded.

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

📡 Smoke OTel Tracing completed. All tracing scenarios validated. ✅

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Smoke Copilot BYOK AOAI (api-key) reports failed. AOAI BYOK (api-key) mode investigation needed...

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

🔌 Smoke Services — All services reachable! ✅

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅

@github-actions

Copy link
Copy Markdown
Contributor

🚀 Security Guard has started processing this pull request

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Contribution Check completed successfully!

PR #6285 follows the applicable CONTRIBUTING.md guidelines: it includes focused tests for the new fallback and diagnostics, uses the correct src/ organization and logger, has a clear description with a related issue reference, and does not require documentation updates.

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Chroot tests passed! Smoke Chroot - All security and functionality tests succeeded.

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Smoke Copilot BYOK AOAI (api-key) reports failed. AOAI BYOK (api-key) mode investigation needed...

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

🔌 Smoke Services — All services reachable! ✅

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Smoke Copilot BYOK AOAI (Entra) reports failed. AOAI BYOK (Entra) mode investigation needed...

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

📰 VERDICT: Smoke Docker Sbx has concluded. All systems operational. This is a developing story. 🎤

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Smoke Copilot BYOK completed. Copilot BYOK mode operational. 🔓

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

🔑 Smoke Copilot PAT PAT auth validated. All systems operational. ✅

@github-actions

github-actions Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Smoke Claude passed

@github-actions

Copy link
Copy Markdown
Contributor

Gemini Smoke Test Results

  • PR 1: [Filtered]
  • PR 2: [Filtered]
  • GitHub MCP Testing: ✅ (Tool executed, results filtered)
  • GitHub.com Connectivity: ❌ (HTTP 000)
  • File Writing Testing: ✅
  • Bash Tool Testing: ✅

Overall Status: FAIL

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • localhost

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "localhost"

See Network Configuration for more information.

💎 Faceted by Smoke Gemini
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor

🔬 Smoke Test Results

Test Status
GitHub MCP connectivity ✅ Pass
GitHub.com HTTP ⚠️ Pre-step data not injected
File Write/Read ⚠️ Pre-step data not injected

Overall: PARTIAL — MCP confirmed; pre-computed outputs were unexpanded template variables.

cc @lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor

Smoke test: direct BYOK mode (COPILOT_PROVIDER_API_KEY → api-proxy → api.githubcopilot.com) cc @lpcox

Test Result
GitHub MCP connectivity
GitHub.com HTTP check ⚠️ (template not resolved)
File write/read ⚠️ (template not resolved)
BYOK inference (api-proxy)

Running in direct BYOK mode (COPILOT_PROVIDER_API_KEY) via api-proxy → api.githubcopilot.com

Overall: PARTIAL (inference path confirmed ✅; pre-fetched data variables unresolved)

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 BYOK report filed by Smoke Copilot BYOK
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor

Smoke Test: Claude Engine Validation

Check Result
API Status ✅ PASS
GH Check ✅ PASS
File Status ✅ PASS

Overall Result: PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Smoke Claude for #6285 · 56.2 AIC · ⊞ 3.3K ·
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor

Smoke Test: Copilot PAT Auth

Test Result
GitHub MCP connectivity
GitHub.com HTTP ⚠️ pre-step data not injected
File write/read ⚠️ pre-step data not injected

Overall: PARTIAL — template vars (${{ steps.smoke-data.outputs.* }}) were not resolved before agent execution.

Auth mode: PAT (COPILOT_GITHUB_TOKEN) | Author: @lpcox

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔑 PAT report filed by Smoke Copilot PAT
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor

Smoke Test: API Proxy OpenTelemetry Tracing

Scenario Result Notes
1. Module Loading ✅ Pass otel.js loads successfully; exports startRequestSpan, setTokenAttributes, setBudgetAttributes, endSpan, endSpanError, shutdown, isEnabled + internal helpers
2. Test Suite ✅ Pass 59 tests passed, 0 failed across otel.test.js and otel-fanout.test.js
3. Env Var Forwarding ✅ Pass agent-environment-credentials.test.ts confirms OTEL_* vars auto-forwarded to agent container
4. Token Tracker Integration ✅ Pass onUsage callback exists in token-tracker-http.js (lines 285, 343) as the OTEL hook point
5. OTEL Diagnostics i️ N/A No live container run; file-based fallback exporter confirmed present at /var/log/api-proxy/otel.jsonl

All scenarios pass. OTEL tracing integration is functional.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

📡 OTel tracing validated by Smoke OTel Tracing
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor

Smoke Test: GitHub Actions Services Connectivity

  • Redis (6379): ❌ Network unreachable
  • PostgreSQL pg_isready (5432): ❌ No response
  • PostgreSQL SELECT 1: ❌ Network unreachable

Result: FAIL

The AWF sandbox blocks non-HTTP/HTTPS traffic (ports 5432/6379 are in the iptables blocked list). Service containers are not reachable from within the AWF agent container.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

🔌 Service connectivity validated by Smoke Services
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor

🏗️ Build Test Suite Results

Ecosystem Project Build/Install Tests Status
Bun elysia 1/1 passed ✅ PASS
Bun hono 1/1 passed ✅ PASS
C++ fmt N/A ✅ PASS
C++ json N/A ✅ PASS
Deno oak N/A 1/1 passed ✅ PASS
Deno std N/A 1/1 passed ✅ PASS
.NET hello-world N/A ✅ PASS
.NET json-parse N/A ✅ PASS
Go color 1/1 passed ✅ PASS
Go env 1/1 passed ✅ PASS
Go uuid 1/1 passed ✅ PASS
Java gson 1/1 passed ✅ PASS
Java caffeine 1/1 passed ✅ PASS
Node.js clsx All passed ✅ PASS
Node.js execa All passed ✅ PASS
Node.js p-limit All passed ✅ PASS
Rust fd 1/1 passed ✅ PASS
Rust zoxide 1/1 passed ✅ PASS

Overall: 8/8 ecosystems passed — ✅ PASS

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by Build Test Suite for #6285 · 24.4 AIC · ⊞ 6.9K ·
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor

🔥 Smoke Test: Docker Sbx — PARTIAL

Test Result
GitHub MCP connectivity ⚠️ Filtered by secrecy policy
GitHub.com HTTP ⚠️ Pre-step vars unexpanded
File write/read ⚠️ Pre-step vars unexpanded

Overall: INCONCLUSIVE — pre-computed step outputs were not passed to the agent (unexpanded ${{ }} templates). MCP PR data filtered by secrecy policy.

@lpcox — please verify the workflow passes smoke-data outputs as env vars to the agent step.

📰 BREAKING: Report filed by Smoke Docker Sbx
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor

Smoke test results:\n- Merged PRs: ✅ updated workflows; ✅ updated workflows\n- PR list query: ✅\n- Page title check: ❌ (network error reaching github.com)\n- File write/read: ✅\n- Discussion query: ✅ (#6253)\n- Build: ❌ (npm ci 403 from registry)\nOverall status: FAIL

Warning

Firewall blocked 2 domains

The following domains were blocked by the firewall during workflow execution:

  • awmgmcpg
  • registry.npmjs.org

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"
    - "registry.npmjs.org"

See Network Configuration for more information.

🔮 The oracle has spoken through Smoke Codex
Add label ready-for-aw to run again

@github-actions

Copy link
Copy Markdown
Contributor

Chroot Version Comparison

Runtime Host Version Chroot Version Match?
Python Python 3.12.13 Python 3.12.3 ❌ NO
Node.js v24.18.0 v22.23.1 ❌ NO
Go go1.22.12 go1.22.12 ✅ YES

Result: Not all tests passed. Python and Node.js versions differ between host and chroot environments.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Tested by Smoke Chroot
Add label ready-for-aw to run again

@lpcox
lpcox merged commit d47cc8b into main Jul 16, 2026
132 of 135 checks passed
@lpcox
lpcox deleted the fix/hosts-file-eacces-diagnostic-and-fallback branch July 16, 2026 03:37
lpcox added a commit that referenced this pull request Jul 16, 2026
* fix: chmod mkdtempSync dirs and add file-permissions-checker CI

The EACCES fallback in hosts-file.ts (PR #6285) still crashed because the
fallback path also used mkdtempSync without overriding the restrictive
umask (0177) that some Ubuntu 24.04 runners apply. Both the primary and
fallback mkdtempSync now get an explicit chmodSync(dir, 0o700).

Additionally, adds a comprehensive file-permissions-checker CI workflow
that catches this class of bug via:

- Static analysis: detects mkdtempSync without chmod, mkdirSync mode
  without chmod, unguarded cleanup file ops, execa chmod without
  error handling
- Runtime tests: validates all critical directory creation patterns
  under a simulated restrictive umask (0177)

Closes github/gh-aw#46062

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot-Session: 8bef4805-c013-4d25-908f-125577735990

* fix: chmod test dir before writing file in cross-uid test

The cross-uid-cleanup-resilience test creates a directory then writes
a file into it. Under umask 0177 (as set by the CI step), mkdirSync
creates the dir with mode 0600 (no execute bit), so the writeFileSync
fails before we even get to restrict the dir to 0555.

Fix: chmod the dir to 0755 immediately after creation, then restrict
it after writing the test file.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot-Session: 8bef4805-c013-4d25-908f-125577735990

* fix: address review feedback on file-permissions-checker

- Wire matrix.os to runs-on so ubuntu-24.04 actually runs on that image
- Handle multiline mkdtempSync assignments in static analysis
  (look back up to 3 lines for split const/let declarations)
- Negative test now fails on Linux if EACCES can't be reproduced
  (validates the threat model is testable on the CI environment)
- Integration test imports actual built generateHostsFileMount function
  instead of reimplementing the pattern inline
- Rename cross-uid test to chmod-repair-retry-pattern (honest about
  what it tests: the local chmod+retry logic, not Docker-based repair)
- Add explicit mode to all writeFileSync calls (fixes CodeQL
  js/insecure-temporary-file alert)

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot-Session: 8bef4805-c013-4d25-908f-125577735990

---------

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants