From 21d8bda1fb649566990e47166a6321b657776afa Mon Sep 17 00:00:00 2001
From: Yevhenii Shcherbina <yevhenii@coder.com>
Date: Fri, 20 Feb 2026 21:10:29 +0000
Subject: [PATCH 1/2] feat: clear no-proxy envs for child process

---
 landjail/child.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/landjail/child.go b/landjail/child.go
index 155c2070..37bb05b3 100644
--- a/landjail/child.go
+++ b/landjail/child.go
@@ -96,6 +96,12 @@ func getEnvsForTargetProcess(configDir string, caCertPath string, httpProxyPort
 		"HTTPS_PROXY": proxyAddr,
 		"http_proxy":  proxyAddr,
 		"https_proxy": proxyAddr,
+
+		// Clear proxy-bypass lists so the target never bypasses Boundary's proxy.
+		// Corporate envs often set no_proxy=.internal.cloud; if we leave it, the
+		// target tries direct connections for those hosts and Landlock blocks them.
+		"no_proxy":  "",
+		"NO_PROXY":  "",
 	})
 
 	return e

From e3fa68128f48e3bce29e323800163ae683d03a59 Mon Sep 17 00:00:00 2001
From: Yevhenii Shcherbina <yevhenii@coder.com>
Date: Fri, 20 Feb 2026 21:29:54 +0000
Subject: [PATCH 2/2] ci: make fmt

---
 landjail/child.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/landjail/child.go b/landjail/child.go
index 37bb05b3..a88abf92 100644
--- a/landjail/child.go
+++ b/landjail/child.go
@@ -100,8 +100,8 @@ func getEnvsForTargetProcess(configDir string, caCertPath string, httpProxyPort
 		// Clear proxy-bypass lists so the target never bypasses Boundary's proxy.
 		// Corporate envs often set no_proxy=.internal.cloud; if we leave it, the
 		// target tries direct connections for those hosts and Landlock blocks them.
-		"no_proxy":  "",
-		"NO_PROXY":  "",
+		"no_proxy": "",
+		"NO_PROXY": "",
 	})
 
 	return e