core/core-agent-ide
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
core-agent-ide/codex-rs/linux-sandbox/src
History
viyatb-oai 4fe99b086f
fix(linux-sandbox): mount /dev in bwrap sandbox (#12081) 
## Summary
- Updates the Linux bubblewrap sandbox args to mount a minimal `/dev`
using `--dev /dev` instead of only binding `/dev/null`. tools needing
entropy (git, crypto libs, etc.) can fail.

- Changed mount order so `--dev /dev` is added before writable-root
`--bind` mounts, preserving writable `/dev/*` submounts like `/dev/shm`

## Why
Fixes sandboxed command failures when reading `/dev/urandom` (and
similar standard device-node access).


Fixes https://github.com/openai/codex/issues/12056
2026-02-18 23:27:32 -08:00
..
bwrap.rs fix(linux-sandbox): mount /dev in bwrap sandbox (#12081) 2026-02-18 23:27:32 -08:00
landlock.rs feat: make sandbox read access configurable with ReadOnlyAccess (#11387) 2026-02-11 18:31:14 -08:00
lib.rs feat(linux-sandbox): vendor bubblewrap and wire it with FFI (#10413) 2026-02-02 23:33:46 -08:00
linux_run_main.rs fix(linux-sandbox): mount /dev in bwrap sandbox (#12081) 2026-02-18 23:27:32 -08:00
main.rs fix: overhaul how we spawn commands under seccomp/landlock on Linux (#1086) 2025-05-23 11:37:07 -07:00
vendored_bwrap.rs build(linux-sandbox): always compile vendored bubblewrap on Linux; remove CODEX_BWRAP_ENABLE_FFI (#11498) 2026-02-11 21:30:41 -08:00