fix: mount /etc/hosts in chroot and fix HTTP blocking test (#522)

## Changes

### Mount /etc/hosts in chroot mode and handle missing resolv.conf
- Mount `/etc/hosts` read-only inside the chroot for hostname resolution (e.g., localhost)
- Handle missing `/host/etc/resolv.conf` when using selective /etc mounts: create the file instead of failing, clean it up on exit

### Fix HTTP blocking test for intercept mode
- Fix the HTTP blocking integration test to check HTTP status code instead of exit code, since Squid returns a 403 HTML page for blocked HTTP requests in intercept mode (curl exits 0)

### Ensure .copilot directory permissions before CLI install
- Create `.copilot` directory with correct ownership before installing Copilot CLI in smoke-chroot workflow

---

Note: 4 failing CI checks are pre-existing failures also present on main (caused by HTTPS_PROXY removal in #524).

Author: Mossaka

.github/workflows/smoke-chroot.lock.yml

@@ -166,15 +166,27 @@ if [ "${AWF_CHROOT_ENABLED}" = "true" ]; then
   # NOTE: We backup the host's original resolv.conf and set up a trap to restore it
   RESOLV_BACKUP="/host/etc/resolv.conf.awf-backup-$$"
   RESOLV_MODIFIED=false
-  if cp /host/etc/resolv.conf "$RESOLV_BACKUP" 2>/dev/null; then
-    if cp /etc/resolv.conf /host/etc/resolv.conf.awf 2>/dev/null; then
-      mv /host/etc/resolv.conf.awf /host/etc/resolv.conf 2>/dev/null && RESOLV_MODIFIED=true
-      echo "[entrypoint] DNS configuration copied to chroot (backup at $RESOLV_BACKUP)"
+  RESOLV_CREATED=false
+  if [ -f /host/etc/resolv.conf ]; then
+    # File exists: backup original and replace
+    if cp /host/etc/resolv.conf "$RESOLV_BACKUP" 2>/dev/null; then
+      if cp /etc/resolv.conf /host/etc/resolv.conf.awf 2>/dev/null; then
+        mv /host/etc/resolv.conf.awf /host/etc/resolv.conf 2>/dev/null && RESOLV_MODIFIED=true
+        echo "[entrypoint] DNS configuration copied to chroot (backup at $RESOLV_BACKUP)"
+      else
+        echo "[entrypoint][WARN] Could not copy DNS configuration to chroot"
+      fi
     else
-      echo "[entrypoint][WARN] Could not copy DNS configuration to chroot"
+      echo "[entrypoint][WARN] Could not backup host resolv.conf, skipping DNS override"
     fi
   else
-    echo "[entrypoint][WARN] Could not backup host resolv.conf, skipping DNS override"
+    # File doesn't exist: create it (selective /etc mounts don't include resolv.conf)
+    if cp /etc/resolv.conf /host/etc/resolv.conf 2>/dev/null; then
+      RESOLV_CREATED=true
+      echo "[entrypoint] DNS configuration created in chroot (/host/etc/resolv.conf)"
+    else
+      echo "[entrypoint][WARN] Could not create DNS configuration in chroot"
+    fi
   fi
 
   # Determine working directory inside the chroot
@@ -280,14 +292,18 @@ AWFEOF
   # Note: We use capsh inside the chroot because it handles the privilege drop
   # and user switch atomically. The host must have capsh installed.
 
-  # Build cleanup command that restores resolv.conf if it was modified
+  # Build cleanup command that restores resolv.conf if it was modified or created
   # The backup path uses the chroot perspective (no /host prefix)
   CLEANUP_CMD="rm -f ${SCRIPT_FILE}"
   if [ "$RESOLV_MODIFIED" = "true" ]; then
     # Convert backup path from container perspective (/host/etc/...) to chroot perspective (/etc/...)
     CHROOT_RESOLV_BACKUP="${RESOLV_BACKUP#/host}"
     CLEANUP_CMD="${CLEANUP_CMD}; mv '${CHROOT_RESOLV_BACKUP}' /etc/resolv.conf 2>/dev/null || true"
     echo "[entrypoint] DNS configuration will be restored on exit"
+  elif [ "$RESOLV_CREATED" = "true" ]; then
+    # File was created by us; remove it on exit to leave no trace
+    CLEANUP_CMD="${CLEANUP_CMD}; rm -f /etc/resolv.conf 2>/dev/null || true"
+    echo "[entrypoint] DNS configuration will be removed on exit"
   fi
 
   exec chroot /host /bin/bash -c "

containers/agent/entrypoint.sh

@@ -559,6 +559,7 @@ describe('docker-manager', () => {
       expect(volumes).toContain('/etc/ca-certificates:/host/etc/ca-certificates:ro');
       expect(volumes).toContain('/etc/alternatives:/host/etc/alternatives:ro');
       expect(volumes).toContain('/etc/ld.so.cache:/host/etc/ld.so.cache:ro');
+      expect(volumes).toContain('/etc/hosts:/host/etc/hosts:ro');
 
       // Should still include essential mounts
       expect(volumes).toContain('/tmp:/tmp:rw');
@@ -613,6 +614,14 @@ describe('docker-manager', () => {
       expect(agent.cap_add).not.toContain('SYS_CHROOT');
     });
 
+    it('should not mount /etc/hosts under /host when enableChroot is false', () => {
+      const result = generateDockerCompose(mockConfig, mockNetworkConfig);
+      const agent = result.services.agent;
+      const volumes = agent.volumes as string[];
+
+      expect(volumes).not.toContain('/etc/hosts:/host/etc/hosts:ro');
+    });
+
     it('should set AWF_CHROOT_ENABLED environment variable when enableChroot is true', () => {
       const configWithChroot = {
         ...mockConfig,
@@ -715,6 +724,19 @@ describe('docker-manager', () => {
       expect(volumes).toContain('/etc/nsswitch.conf:/host/etc/nsswitch.conf:ro');
     });
 
+    it('should mount /etc/hosts for hostname resolution in chroot mode', () => {
+      const configWithChroot = {
+        ...mockConfig,
+        enableChroot: true
+      };
+      const result = generateDockerCompose(configWithChroot, mockNetworkConfig);
+      const agent = result.services.agent;
+      const volumes = agent.volumes as string[];
+
+      // /etc/hosts is needed for localhost resolution inside chroot
+      expect(volumes).toContain('/etc/hosts:/host/etc/hosts:ro');
+    });
+
     it('should use GHCR image when enableChroot is true with default preset (GHCR)', () => {
       const configWithChroot = {
         ...mockConfig,

src/docker-manager.test.ts

@@ -471,6 +471,7 @@ export function generateDockerCompose(
       '/etc/passwd:/host/etc/passwd:ro',                   // User database (needed for getent/user lookup)
       '/etc/group:/host/etc/group:ro',                     // Group database (needed for getent/group lookup)
       '/etc/nsswitch.conf:/host/etc/nsswitch.conf:ro',     // Name service switch config
+      '/etc/hosts:/host/etc/hosts:ro',                     // Host name resolution (localhost, etc.) Note: won't include Docker extra_hosts like host.docker.internal
     );
 
     // SECURITY: Hide Docker socket to prevent firewall bypass via 'docker run'

src/docker-manager.ts

@@ -272,15 +272,22 @@ describe('Chroot Edge Cases', () => {
     }, 60000);
 
     test('should block HTTP to non-whitelisted domains', async () => {
-      const result = await runner.runWithSudo('curl -s --connect-timeout 5 http://example.com 2>&1', {
+      const result = await runner.runWithSudo('curl -s -o /dev/null -w "%{http_code}" --connect-timeout 5 http://example.com 2>&1 || true', {
         allowDomains: ['github.com'],
         logLevel: 'debug',
         timeout: 30000,
         enableChroot: true,
       });
 
-      // Should fail or timeout
-      expect(result).toFail();
+      // In intercept mode, Squid returns 403 for blocked HTTP domains.
+      // If the request fails entirely (connection refused/timeout), that also counts as blocked.
+      // We check stdout for the HTTP status code or a non-200 result.
+      if (result.success) {
+        // AWF succeeded (exit 0) — check the HTTP status code in output
+        // It should NOT be 200 (should be 403 or 000 for connection failure)
+        expect(result.stdout).not.toContain('200');
+      }
+      // If AWF failed (non-zero exit), the request was blocked — test passes
     }, 60000);
   });