core/core-agent-ide
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
core-agent-ide/codex-rs/shell-escalation/README.md
Michael Bolin 3241c1c6cc
fix: use https://git.savannah.gnu.org/git/bash instead of https://github.com/bolinfest/bash (#13057) 
Historically, we cloned the Bash repo from
https://github.com/bminor/bash, but for whatever reason, it was removed
at some point.

I had a local clone of it, so I pushed it to
https://github.com/bolinfest/bash so that we could continue running our
CI job. I did this in https://github.com/openai/codex/pull/9563, and as
you can see, I did not tamper with the commit hash we used as the basis
of this build.

Using a personal fork is not great, so this PR changes the CI job to use
what appears to be considered the source of truth for Bash, which is
https://git.savannah.gnu.org/git/bash.git.

Though in testing this out, it appears this Git server does not support
the combination of `git clone --depth 1
https://git.savannah.gnu.org/git/bash` and `git fetch --depth 1 origin
a8a1c2fac029404d3f42cd39f5a20f24b6e4fe4b`, as it fails with the
following error:

```
error: Server does not allow request for unadvertised object a8a1c2fac029404d3f42cd39f5a20f24b6e4fe4b
```

so unfortunately this means that we have to do a full clone instead of a
shallow clone in our CI jobs, which will be a bit slower.

Also updated `codex-rs/shell-escalation/README.md` to reflect this
change.
2026-03-02 09:09:54 -08:00

28 lines
1.4 KiB
Markdown
Raw Permalink Blame History

# codex-shell-escalation
This crate contains the Unix shell-escalation protocol implementation and the
`codex-execve-wrapper` executable.
`codex-execve-wrapper` receives the arguments to an intercepted `execve(2)` call and delegates the
decision to the shell-escalation protocol over a shared file descriptor (specified by the
`CODEX_ESCALATE_SOCKET` environment variable). The server on the other side replies with one of:
- `Run`: `codex-execve-wrapper` should invoke `execve(2)` on itself to run the original command
within the sandboxed shell.
- `Escalate`: forward the file descriptors of the current process so the command can be run
faithfully outside the sandbox. When the process completes, the server forwards the exit code
back to `codex-execve-wrapper`.
- `Deny`: the server has declared the proposed command to be forbidden, so
`codex-execve-wrapper` prints an error to `stderr` and exits with `1`.
## Patched Bash
We carry a small patch to `execute_cmd.c` (see `patches/bash-exec-wrapper.patch`) that adds support for `EXEC_WRAPPER`. The original commit message is “add support for BASH_EXEC_WRAPPER” and the patch applies cleanly to `a8a1c2fac029404d3f42cd39f5a20f24b6e4fe4b` from https://github.com/bminor/bash. To rebuild manually:
```bash
git clone https://git.savannah.gnu.org/git/bash
git checkout a8a1c2fac029404d3f42cd39f5a20f24b6e4fe4b
git apply /path/to/patches/bash-exec-wrapper.patch
./configure --without-bash-malloc
make -j"$(nproc)"
```
Reference in a new issue View git blame Copy permalink