bug: e2e log-reading tests broken after rolling log appender change (PR #431) #480
Description
Agent Diagnostic
Investigated failed e2e job: https://github.com/NVIDIA/OpenShell/actions/runs/23307639599/job/67786946813
Loaded skill: explore agent to examine e2e/python/test_sandbox_policy.py and crates/openshell-sandbox/src/main.rs.
Root cause: PR #431 replaced the single log file /var/log/openshell.log with a RollingFileAppender that writes date-stamped files (/var/log/openshell.YYYY-MM-DD.log). The e2e tests still reference the hardcoded path /var/log/openshell.log, so all log-reading assertions find empty content or a missing file.
Two helper functions are affected:
_read_openshell_log()(line 170): opens/var/log/openshell.logdirectly_verify_sandbox_functional()(line 1546): checksos.path.exists("/var/log/openshell.log")
Description
Actual behavior: 7 e2e tests in test_sandbox_policy.py fail because they read from /var/log/openshell.log which no longer exists. The rolling appender now writes to /var/log/openshell.YYYY-MM-DD.log.
Expected behavior: E2e tests should discover and read the rolling log files correctly.
Failing Tests
test_l4_log_fields— log content is empty ('\n')test_ssrf_log_shows_internal_address_block— log content is emptytest_l7_tls_audit_mode_allows_but_logs— log content is emptytest_l7_tls_log_fields— log content is emptytest_forward_proxy_log_fields— log content is emptytest_baseline_enrichment_missing_filesystem_policy— "OpenShell log not accessible"test_baseline_enrichment_incomplete_filesystem_policy— "OpenShell log not accessible"
Reproduction Steps
- Merge PR fix(sandbox): rotate openshell.log daily, keep 3 files #431 (rolling log appender change)
- Run
mise run e2e - Observe 7 failures in
test_sandbox_policy.py
Environment
- CI runner:
ghcr.io/nvidia/openshell-ci:latest - Python: 3.13.12
- Workflow run: https://github.com/NVIDIA/OpenShell/actions/runs/23307639599