fix: make linux mandatory deny mounts symlink-aware

[jy-tan]

Summary

Fix Linux sandbox mount behavior for symlinked mandatory deny paths so bubblewrap startup no longer fails when the path is a symlink. Also centralize wildcard-domain network policy logic shared by Linux and macOS.

Changes

• resolve mandatory deny mount targets through symlinks before mounting in internal/sandbox/linux.go
• skip unsafe/unresolvable symlink mount targets and preserve explicit denyRead precedence
• add Linux unit tests for mount-path resolution (regular, symlink, broken symlink) in internal/sandbox/linux_test.go
• add Linux integration test reproducing issue bubblewrap fails to mount gitconfig if it's a symlink #51 conditions with symlinked ~/.gitconfig
• extract shared wildcard-domain policy helper to internal/sandbox/network_policy.go
• update Linux/macOS sandbox code to use the shared wildcard helper
• move wildcard behavior tests to internal/sandbox/network_policy_test.go

[cubic-dev-ai]

1 issue found across 6 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="internal/sandbox/linux.go">

<violation number="1" location="internal/sandbox/linux.go:742">
P3: `canMountOver(mountPath)` is always `true` here and can be removed. `resolvePathForMount` already guarantees `fileExists(mountPath)` and that `mountPath` is not a symlink, so both checks inside `canMountOver` are redundant at this call site.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}