From cd1ddcb4f1e9bb7b27af5ae57a6d2d19693f2067 Mon Sep 17 00:00:00 2001
From: Olcan <olcans@gmail.com>
Date: Mon, 28 Apr 2025 15:44:17 -0700
Subject: SANDBOX_PORTS env var (#204)

---
 scripts/start_sandbox.sh | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

(limited to 'scripts/start_sandbox.sh')

diff --git a/scripts/start_sandbox.sh b/scripts/start_sandbox.sh
index 199c1519..67c9cf27 100755
--- a/scripts/start_sandbox.sh
+++ b/scripts/start_sandbox.sh
@@ -40,7 +40,8 @@ if ! $CMD images -q "$IMAGE" | grep -q .; then
 fi
 
 # use interactive tty mode and auto-remove container on exit
-run_args=(-it --rm)
+# run init binary inside container to forward signals & reap zombies
+run_args=(-it --rm --init --workdir "$WORKDIR")
 
 # mount current directory as $WORKDIR inside container
 run_args+=(-v "$PWD:$WORKDIR")
@@ -133,10 +134,21 @@ if [ -n "${DEBUG:-}" ]; then
 fi
 node_args+=("$CLI_PATH" "$@")
 
+# open additional ports if SANDBOX_PORTS is set
+if [ -n "${SANDBOX_PORTS:-}" ]; then
+    ports=$(echo "$SANDBOX_PORTS" | tr ',' '\n')
+    for port in $ports; do
+        if [ -n "$port" ]; then
+            echo "SANDBOX_PORTS: $port"
+            run_args+=(-p "$port:$port")
+        fi
+    done
+fi
+
 # run gemini-code in sandbox container
 if [[ "$CMD" == "podman" ]]; then
     # use empty --authfile to skip unnecessary auth refresh overhead
-    $CMD run "${run_args[@]}" --init --authfile <(echo '{}') --workdir "$WORKDIR" "$IMAGE" node "${node_args[@]}"
+    $CMD run "${run_args[@]}" --authfile <(echo '{}') "$IMAGE" node "${node_args[@]}"
 else
-    $CMD run "${run_args[@]}" --init --workdir "$WORKDIR" "$IMAGE" node "${node_args[@]}"
+    $CMD run "${run_args[@]}" "$IMAGE" node "${node_args[@]}"
 fi
-- 
cgit v1.2.3