Skip to content

Commit 87f50f5

Browse files
fix(e2e): add /dev/urandom to provider test sandbox policy (#948)
Python runtime requires /dev/urandom access during initialization to seed the hash randomizer. The _default_policy() in provider tests was missing this path, causing exec_python tests to fail with: 'Fatal Python error: _Py_HashRandomization_Init: failed to get random numbers to initialize Python'. Add /dev/urandom to read_only paths to match the policy used in test_sandbox_policy.py, allowing Python to initialize successfully. Signed-off-by: Derek Carr <decarr@redhat.com>
1 parent 7f8e210 commit 87f50f5

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

e2e/python/test_sandbox_providers.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ def _default_policy() -> sandbox_pb2.SandboxPolicy:
3636
version=1,
3737
filesystem=sandbox_pb2.FilesystemPolicy(
3838
include_workdir=True,
39-
read_only=["/usr", "/lib", "/etc", "/app"],
39+
read_only=["/usr", "/lib", "/etc", "/app", "/dev/urandom"],
4040
read_write=["/sandbox", "/tmp"],
4141
),
4242
landlock=sandbox_pb2.LandlockPolicy(compatibility="best_effort"),

0 commit comments

Comments
 (0)