vrr/qwen-code
2
0
Fork 0
mirror of https://github.com/QwenLM/qwen-code.git synced 2026-04-30 20:50:34 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 21

Merge pull request #1966 from QwenLM/mingholy/fix-sandbox-issue

Browse source 
Rename GEMINI_CLI_INTEGRATION_TEST to QWEN_CODE_INTEGRATION_TEST and refactor sandbox user handling
This commit is contained in:
tanzhenxin 2026-02-27 21:22:34 +08:00 committed by GitHub
commit 54d05d8674
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 14 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

20
packages/cli/src/utils/sandbox.ts
View file

@ -541,7 +541,7 @@ export async function start_sandbox(
// name container after image, plus random suffix to avoid conflicts
const imageName = parseImageName(image);
const isIntegrationTest =
process.env['GEMINI_CLI_INTEGRATION_TEST'] === 'true';
process.env['QWEN_CODE_INTEGRATION_TEST'] === 'true';
let containerName;
if (isIntegrationTest) {
containerName = `qwen-code-integration-test-${randomBytes(4).toString(
@ -721,11 +721,10 @@ export async function start_sandbox(
// tests that need to access host's ~/.qwen (e.g., --resume functionality)
const useCurrentUser = await shouldUseCurrentUserInSandbox();
if (!useCurrentUser) {
// Use root user (default for integration tests or when explicitly disabled)
args.push('--user', 'root');
userFlag = '--user root';
} else {
if (useCurrentUser) {
// SANDBOX_SET_UID_GID is enabled: create user with host's UID/GID
// This includes integration test mode with SANDBOX_SET_UID_GID=true,
// allowing tests that need to access host's ~/.qwen (e.g., --resume) to work.
// For the user-creation logic to work, the container must start as root.
// The entrypoint script then handles dropping privileges to the correct user.
args.push('--user', 'root');
@ -735,10 +734,10 @@ export async function start_sandbox(
// Instead of passing --user to the main sandbox container, we let it
// start as root, then create a user with the host's UID/GID, and
// finally switch to that user to run the gemini process. This is
// finally switch to that user to run the qwen process. This is
// necessary on Linux to ensure the user exists within the
// container's /etc/passwd file, which is required by os.userInfo().
const username = 'gemini';
const username = 'qwen';
const homeDir = getContainerPath(os.homedir());
const setupUserCommands = [
@ -761,7 +760,12 @@ export async function start_sandbox(
userFlag = `--user ${uid}:${gid}`;
// When forcing a UID in the sandbox, $HOME can be reset to '/', so we copy $HOME as well.
args.push('--env', `HOME=${os.homedir()}`);
} else if (isIntegrationTest) {
// Integration test mode with UID/GID matching disabled: use root
args.push('--user', 'root');
userFlag = '--user root';
}
// else: non-IT mode with UID/GID matching disabled - use image default user (node)
// push container image name
args.push(image);