didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

fix(egress-proxy-apply): chmod tmp file 0644 so mitmproxy can read post-cp
test / unit (pull_request) Successful in 18s
Details
test / integration (pull_request) Successful in 1m3s
Details

Browse Source 
apply_routes_change wrote the proposed routes via
`tempfile.mkstemp` (default mode 0600) then `docker cp`'d into the
egress-proxy container. docker cp preserves mode + host uid, so
the file landed inside the container as 0600 owned by the host
user's uid — which is not the mitmproxy user (uid 1000) the
addon runs as. The SIGHUP-triggered reload then failed with
PermissionError on the re-read, the old routes table stayed in
memory, and the operator-approved route never took effect.

Symptoms reported:
  - Operator approves egress-proxy-block proposal that adds
    google.com to routes.
  - Agent retries `curl https://google.com` and still gets 403
    "egress-proxy: host 'google.com' is not in the bottle's
    egress_proxy.routes allowlist."
  - `docker exec <egress-proxy> cat /etc/egress-proxy/routes.yaml`
    returns "Permission denied" (mitmproxy user can't read it,
    so the reload couldn't either).

Fix: chmod 0644 on the host tmp file before docker cp. Mirrors
the same pattern in DockerEgressProxy.start which already chmods
the original routes.yaml + the CAs before cp. The proposed routes
content carries no secrets (tokens live in the egress-proxy
container's environ, not the routes file), so 0644 in /tmp for
the brief window between write and cp is safe.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
didericis
2026-05-25 17:25:35 -04:00
parent fad76d3364
commit d75d5f3e48
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
claude_bottle/backend/docker/egress_proxy_apply.py
+11
View File
@@ -80,6 +80,17 @@ def apply_routes_change(slug: str, new_content: str) -> tuple[str, str]:
try:
with os.fdopen(fd, "w") as f:
f.write(new_content)
# mkstemp creates the file with mode 0600. `docker cp`
# preserves mode + host uid into the container, so without
# chmod the file lands as 0600 owned by the host user's uid,
# which inside the container is not mitmproxy (uid 1000) —
# the addon's reload then fails with PermissionError on the
# SIGHUP-triggered re-read and the old routes table stays in
# memory. Bump to 0644 so mitmproxy can read it post-cp;
# the host stage_dir doesn't apply to this tmp file but the
# content isn't secret (no tokens — those live in the
# container's environ), so 0644 in /tmp is fine.
os.chmod(tmp_path, 0o644)
cp = subprocess.run(
["docker", "cp", tmp_path,
f"{container}:{EGRESS_PROXY_ROUTES_IN_CONTAINER}"],