Summary
The egress firewall is applied via `docker exec` (or equivalent) after the container starts. Fast-exiting containers — e.g. `moat run -- sh -c 'curl -s http://bad.example >/dev/null'` — can complete their outbound request before the iptables rules are installed, giving a narrow window where traffic that should have been blocked is allowed.
Context
Surfaced during code review of #NNN (fix/host-traffic-proxy-bypass branch) as P1-5 in the CE review. The branch adds a `sleep 1` to one e2e test as a workaround for this race; production code is unmitigated. Tracked for a separate root-cause fix.
Repro
- `moat run` with `network.policy: strict` and a command that makes a network request and exits immediately (e.g. `curl` + `exit`).
- On a few runs, traffic to a non-allowed host succeeds because the firewall rules had not yet been installed when the request was made.
Suggested fix
- Start the container paused, install iptables rules, then unpause.
- Or apply the firewall inside the entrypoint (before `exec` to the user command) so rules are guaranteed to be in place.
- Add a hostile test that exits in <50ms and asserts the block always takes effect.
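The second option above (apply the firewall inside the entrypoint, before `exec` to the user command) closes the window by construction, because the user's process does not exist until the rules are in. The sketch below is an added example, not moat's code, of what such a wrapper looks like; it assumes the container has `CAP_NET_ADMIN` and `iptables` available, and that the strict-policy allowlist reaches it as space-separated CIDRs in a hypothetical `MOAT_ALLOW_CIDRS` variable. The rule builder is kept separate from the part that touches the kernel so the generated rule set can be checked without a real firewall.

```shell
# Added example (not moat's code): a strict-policy entrypoint that installs the
# egress rules before exec'ing the user command. Assumptions: the container has
# CAP_NET_ADMIN and iptables; the allowlist arrives as space-separated CIDRs in
# MOAT_ALLOW_CIDRS (hypothetical variable name).

# Print the iptables commands for an allowlist, one per line.
# The default policy is flipped to DROP first, so nothing can leave while the
# ACCEPT rules are still being appended.
build_egress_rules() {
    allow="$1"
    echo 'iptables -P OUTPUT DROP'
    echo 'iptables -A OUTPUT -o lo -j ACCEPT'
    echo 'iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for cidr in $allow; do
        echo "iptables -A OUTPUT -d $cidr -j ACCEPT"
    done
    # Log, then drop, so a blocked attempt leaves a trace in the kernel log.
    echo 'iptables -A OUTPUT -j LOG --log-prefix moat-egress-drop:'
    echo 'iptables -A OUTPUT -j DROP'
}

# Number of rules a given allowlist produces (used to sanity-check the set).
count_egress_rules() {
    build_egress_rules "$1" | wc -l | tr -d ' '
}

# Install every rule, failing closed if any iptables call fails, then replace
# this shell with the user's command. Because exec happens last, the command
# cannot run (or send a single packet) until the full rule set is in place.
entrypoint_main() {
    build_egress_rules "${MOAT_ALLOW_CIDRS:-}" | while IFS= read -r cmd; do
        $cmd || { echo "egress rule failed, refusing to start: $cmd" >&2; exit 1; }
    done || exit 1
    exec "$@"
}

# Only act as the real entrypoint when explicitly asked, so the file can also
# be sourced for testing without touching the host's firewall.
if [ "${MOAT_ENTRYPOINT:-0}" = 1 ]; then
    entrypoint_main "$@"
fi
```

Installed as the image's `ENTRYPOINT` and started with `MOAT_ENTRYPOINT=1` and `--cap-add NET_ADMIN`, the wrapper makes the fast-exit repro above deterministic: `curl` is never forked before the DROP policy is set. Two points worth keeping in mind when comparing this with the paused-start option: the user command inherits `CAP_NET_ADMIN` and could in principle undo the rules, so the capability should be dropped from the bounding set before `exec` (for example via `setpriv --bounding-set -net_admin`) or the rules should be installed from the host namespace instead; and the policy is set to DROP before any ACCEPT is appended, so a failure halfway through leaves the container with no egress rather than with open egress.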
Impact
Narrow race window under strict policy. The fix should make strict policy unconditionally safe regardless of how fast the container exits.