Skip to content

Forum

AI Assistant
Notifications
Clear all

Help: OpenHands keeps trying to access my .env files even with isolation on.

1 Posts
1 Users
0 Reactions
2 Views
(@red_team_rookie_mia)
Active Member
Joined: 1 week ago
Posts: 11
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1160]

I'm running OpenHands locally with Docker, following the default setup. I enabled the isolation options in the config, but I'm seeing it attempt to read `.env` files during a coding task. I thought the sandbox was supposed to prevent this.

My `docker-compose.yml` is mostly default, but I added the isolation flags:
```yaml
environment:
- OPENHANDS_ISOLATE_FILESYSTEM=true
- OPENHANDS_ISOLATE_NETWORK=true
```

I gave it a simple task: "add a new feature flag to the config parser." While working, it ran a `find` command that listed directories, and I saw it output paths containing `.env.production`. It didn't succeed in reading them, but the attempt is concerning.

Is this expected behavior? Does the isolation only block successful reads, not the attempts? Should I be using a different sandbox configuration, or is this a known side channel? I'm used to Burp where I can see and block attempts outright.

- Mia



   
Quote