NVIDIA · drew · May 16, 2026
@@ -17,11 +17,11 @@ BOOT_START=$(date +%s%3N 2>/dev/null || date +%s)
 #                     gvproxy's TCP/UDP/ICMP forwarder. Use this address
 #                     (or any of the host.* hostnames below) to reach a
 #                     service the host is listening on.
-# The host.containers.internal / host.docker.internal DNS records served
-# by gvproxy's embedded resolver point at 192.168.127.254. We mirror that
-# in /etc/hosts so the supervisor can reach the gateway even when
-# gvproxy's DNS is not in resolv.conf (e.g. DHCP failed and we fell
-# back to 8.8.8.8).
+# The host.openshell.internal / host.containers.internal /
+# host.docker.internal DNS records served by gvproxy's embedded resolver
+# point at 192.168.127.254. We mirror that in /etc/hosts so the supervisor
+# can reach the gateway even when gvproxy's DNS is not in resolv.conf
+# (e.g. DHCP failed and we fell back to 8.8.8.8).
 GVPROXY_GATEWAY_IP="192.168.127.1"
 GVPROXY_HOST_LOOPBACK_IP="192.168.127.254"
 GATEWAY_IP="$GVPROXY_GATEWAY_IP"
@@ -419,7 +419,12 @@ rewrite_openshell_endpoint_if_needed() {
     if [ "${GATEWAY_IP}" != "${GVPROXY_GATEWAY_IP}" ]; then
         fallback_ip="$GATEWAY_IP"
     fi
-    for candidate in host.openshell.internal host.containers.internal host.docker.internal "$fallback_ip"; do
+    local candidates="host.openshell.internal host.containers.internal host.docker.internal"
+    if [ "$scheme" != "https" ]; then
+        candidates="${candidates} ${fallback_ip}"
+    fi
+
+    for candidate in $candidates; do
         if [ "$candidate" = "$host" ]; then
             continue
         fi
@@ -435,6 +440,11 @@ rewrite_openshell_endpoint_if_needed() {
         fi
     done
 
+    if [ "$scheme" = "https" ]; then
+        ts "WARNING: could not preflight HTTPS OpenShell endpoint ${host}:${port}; preserving hostname for TLS verification"
+        return 0
+    fi
+
     ts "WARNING: could not reach OpenShell endpoint ${host}:${port}"
 }
 

@@ -91,11 +91,11 @@ const OPENSHELL_HOST_GATEWAY_ALIAS: &str = "host.openshell.internal";
 ///     resolves even when gvproxy's DNS is not in resolv.conf;
 ///   * keeping a recognisable hostname makes log messages clearer than a bare
 ///     192.168.127.254 reference;
-///   * `host.docker.internal` works the same way for Docker-flavoured tooling.
+///   * package-managed gateway certificates include this SAN for guest mTLS.
 ///
 /// Both names ultimately route through the gvproxy NAT path on
 /// `GVPROXY_HOST_LOOPBACK_IP` — they do **not** go through the gateway IP.
-const GVPROXY_HOST_LOOPBACK_ALIAS: &str = "host.containers.internal";
+const GVPROXY_HOST_LOOPBACK_ALIAS: &str = OPENSHELL_HOST_GATEWAY_ALIAS;
 const GUEST_SSH_SOCKET_PATH: &str = "/run/openshell/ssh.sock";
 const GUEST_TLS_CA_PATH: &str = "/opt/openshell/tls/ca.crt";
 const GUEST_TLS_CERT_PATH: &str = "/opt/openshell/tls/tls.crt";
@@ -3392,7 +3392,7 @@ fn merged_environment(sandbox: &Sandbox) -> HashMap<String, String> {
 /// not the host's. Inside the guest we need a name that gvproxy will translate
 /// into the host's loopback address.
 ///
-/// We rewrite to `host.containers.internal`, which gvproxy's embedded DNS resolves
+/// We rewrite to `host.openshell.internal`, which gvproxy's embedded DNS resolves
 /// to the host-loopback IP `192.168.127.254`. gvproxy installs a default NAT entry
 /// rewriting that destination to the host's `127.0.0.1` and dialing out from the
 /// host process, so any port the host is listening on becomes reachable. The

@@ -379,6 +379,7 @@ fn prepare_sandbox_rootfs(rootfs: &Path) -> Result<(), String> {
         .map_err(|e| format!("write sandbox rootfs marker: {e}"))?;
     ensure_sandbox_guest_user(rootfs)?;
     create_sandbox_mountpoint(&rootfs.join("sandbox"))?;
+    create_sandbox_mountpoint(&rootfs.join("image-cache"))?;
     create_sandbox_mountpoint(&rootfs.join("lower"))?;
     create_sandbox_mountpoint(&rootfs.join("overlay"))?;
     create_sandbox_mountpoint(&rootfs.join("newroot"))?;
@@ -941,6 +942,7 @@ mod tests {
         assert!(rootfs.join("srv/openshell-vm-sandbox-init.sh").is_file());
         assert!(rootfs.join("opt/openshell/bin/umoci").is_file());
         assert!(rootfs.join("sandbox").is_dir());
+        assert!(rootfs.join("image-cache").is_dir());
         assert!(rootfs.join("lower").is_dir());
         assert!(rootfs.join("overlay").is_dir());
         assert!(rootfs.join("newroot").is_dir());