Skip to content

fix(execd): extend mitm CA wait to 300s and log wait duration#943

Merged
hittyt merged 1 commit into
opensandbox-group:mainfrom
Pangjiping:fix/execd-mitm-ca-wait-300s
May 25, 2026
Merged

fix(execd): extend mitm CA wait to 300s and log wait duration#943
hittyt merged 1 commit into
opensandbox-group:mainfrom
Pangjiping:fix/execd-mitm-ca-wait-300s

Conversation

@Pangjiping
Copy link
Copy Markdown
Collaborator

@Pangjiping Pangjiping commented May 25, 2026

Summary

The bootstrap script waited at most 30s for /opt/opensandbox/mitmproxy-ca-cert.pem before skipping system CA trust setup. When the egress sidecar is recovering from a transient failure (e.g. mitmproxy OOM-killed and being restarted with backoff), 30s is not enough and the sandbox starts without TLS interception support, silently breaking HTTPS for system libraries.

Extend the wait to 300s and log the actual wait duration on success so the boot timeline is visible in execd logs.

Testing

  • Not run (explain why)
  • Unit tests
  • Integration tests
  • e2e / manual verification

Breaking Changes

  • None
  • Yes (describe impact and migration path)

Checklist

  • Linked Issue or clearly described motivation
  • Added/updated docs (if needed)
  • Added/updated tests (if needed)
  • Security impact considered
  • Backward compatibility considered

@Pangjiping
fix(execd): extend mitm CA wait to 300s and log wait duration
70d3768 
The bootstrap script waited at most 30s for /opt/opensandbox/mitmproxy-ca-cert.pem
before skipping system CA trust setup. When the egress sidecar is recovering
from a transient failure (e.g. mitmproxy OOM-killed and being restarted with
backoff), 30s is not enough and the sandbox starts without TLS interception
support, silently breaking HTTPS for system libraries.

Extend the wait to 300s and log the actual wait duration on success so the
boot timeline is visible in execd logs.
@Pangjiping Pangjiping added bug Something isn't working component/execd labels May 25, 2026
hittyt
hittyt approved these changes May 25, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@hittyt hittyt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@hittyt hittyt merged commit d10f0e3 into opensandbox-group:main May 25, 2026
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hittyt hittyt hittyt approved these changes

@ninan-nn ninan-nn Awaiting requested review from ninan-nn ninan-nn is a code owner

Assignees

@hittyt hittyt

Labels

bug Something isn't working component/execd

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Pangjiping @hittyt