core/core-agent-ide
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
core-agent-ide/.github/workflows
History
viyatb-oai ae4de43ccc
feat(linux-sandbox): add bwrap support (#9938) 
## Summary
This PR introduces a gated Bubblewrap (bwrap) Linux sandbox path. The
curent Linux sandbox path relies on in-process restrictions (including
Landlock). Bubblewrap gives us a more uniform filesystem isolation
model, especially explicit writable roots with the option to make some
directories read-only and granular network controls.

This is behind a feature flag so we can validate behavior safely before
making it the default.

- Added temporary rollout flag:
  - `features.use_linux_sandbox_bwrap`
- Preserved existing default path when the flag is off.
- In Bubblewrap mode:
- Added internal retry without /proc when /proc mount is not permitted
by the host/container.
2026-02-04 11:13:17 -08:00
..
bazel.yml feat(linux-sandbox): add bwrap support (#9938) 2026-02-04 11:13:17 -08:00
cargo-deny.yml bump cargo-deny-action ver (#8345) 2025-12-19 15:23:02 -08:00
ci.bazelrc fix: support remote arm64 builds, as well (#9018) 2026-01-10 18:41:08 -08:00
ci.yml use mainline version as baseline in ci (#8271) 2025-12-18 11:53:36 -08:00
cla.yml Fixed CLA action to properly exempt dependabot (#7429) 2025-11-30 20:45:17 -08:00
close-stale-contributor-prs.yml ci: prevent workflows from running on forks (#8629) 2026-01-03 13:12:16 -07:00
codespell.yml chore(deps): bump actions/checkout from 5 to 6 (#7230) 2025-11-24 11:45:57 -08:00
Dockerfile.bazel fix: support remote arm64 builds, as well (#9018) 2026-01-10 18:41:08 -08:00
issue-deduplicator.yml ci: prevent workflows from running on forks (#8629) 2026-01-03 13:12:16 -07:00
issue-labeler.yml Updated labeler workflow prompt to include "app" label (#10411) 2026-02-02 13:13:14 -08:00
rust-ci.yml feat(linux-sandbox): add bwrap support (#9938) 2026-02-04 11:13:17 -08:00
rust-release-prepare.yml ci: prevent workflows from running on forks (#8629) 2026-01-03 13:12:16 -07:00
rust-release.yml feat(linux-sandbox): add bwrap support (#9938) 2026-02-04 11:13:17 -08:00
sdk.yml Upgrade to rust 1.93 (#10080) 2026-01-28 17:46:18 +00:00
shell-tool-mcp-ci.yml fix: remove references to corepack (#10138) 2026-01-28 23:31:25 -08:00
shell-tool-mcp.yml fix: unify npm publish call across shell-tool-mcp.yml and rust-release.yml (#10182) 2026-01-29 11:51:33 -08:00