[Bug]: Sandbox boundary checks fail on mkdirp: "cannot create directories: /workspace" #31438
Description
Bug type
Regression (worked before, now fails)
Summary
沙箱正确挂载了 workspace(/workspace 指向 agent 工作区)
边界检查代码在 mkdirp 时调用了 openBoundaryFile,但该函数期望处理文件而非目录
当目录已存在时,边界检查将其视为"文件"并尝试验证,导致失败
Steps to reproduce
1.配置 Agent 沙箱:sandbox.mode: "all", sandbox.scope: "agent", sandbox.workspaceAccess: "rw", sandbox.docker.readOnlyRoot: false
2.Agent 尝试创建目录(如 /workspace/memory)
3.报错:Sandbox boundary checks failed; cannot create directories: /workspace
Expected behavior
允许在已挂载的 workspace 内创建目录
Actual behavior
边界检查失败
OpenClaw version
OpenClaw 2026.2.26
Operating system
Linux VM-0-4-tencentos 5.4.241-24.0017.26 x86_64
Install method
No response
Logs, screenshots, and evidence
Impact and severity
No response
Additional information
No response