diff --git a/src/docker-manager.test.ts b/src/docker-manager.test.ts
index 541a7d69..acb9437d 100644
--- a/src/docker-manager.test.ts
+++ b/src/docker-manager.test.ts
@@ -557,6 +557,7 @@ describe('docker-manager', () => {
 expect(volumes).toContain('/etc/ca-certificates:/host/etc/ca-certificates:ro');
 expect(volumes).toContain('/etc/alternatives:/host/etc/alternatives:ro');
 expect(volumes).toContain('/etc/ld.so.cache:/host/etc/ld.so.cache:ro');
+ expect(volumes).toContain('/etc/hosts:/host/etc/hosts:ro');
 // Should still include essential mounts
 expect(volumes).toContain('/tmp:/tmp:rw');
diff --git a/src/docker-manager.ts b/src/docker-manager.ts
index ef1602c9..cbba754a 100644
--- a/src/docker-manager.ts
+++ b/src/docker-manager.ts
@@ -469,6 +469,7 @@ export function generateDockerCompose(
 '/etc/passwd:/host/etc/passwd:ro', // User database (needed for getent/user lookup)
 '/etc/group:/host/etc/group:ro', // Group database (needed for getent/group lookup)
 '/etc/nsswitch.conf:/host/etc/nsswitch.conf:ro', // Name service switch config
+ '/etc/hosts:/host/etc/hosts:ro', // Host name resolution (localhost, etc.)
 );
 // SECURITY: Hide Docker socket to prevent firewall bypass via 'docker run'
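Review bot: The new bind mount `'/etc/hosts:/host/etc/hosts:ro'` in src/docker-manager.ts exposes every entry of the host's hosts file to the sandboxed process, not only localhost as the trailing comment suggests; `:ro` prevents modification but not reading of any internal hostnames and addresses pinned there. Names resolved through this file never reach a DNS resolver, so if the egress policy is enforced at DNS or by hostname (not visible in this hunk), that interaction should be confirmed before merging. At minimum the comment should state the exposure, e.g. `// Host name resolution; exposes all host /etc/hosts entries read-only inside the container`, and if only loopback names are needed a generated hosts file with just those entries would be the narrower mount. generateDockerCompose starts and ends outside the hunk, so how /host/etc is consumed is inferred from the neighbouring mounts.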