History

viyatb-oai ae4de43ccc feat(linux-sandbox): add bwrap support (#9938 ) ## Summary This PR introduces a gated Bubblewrap (bwrap) Linux sandbox path. The curent Linux sandbox path relies on in-process restrictions (including Landlock). Bubblewrap gives us a more uniform filesystem isolation model, especially explicit writable roots with the option to make some directories read-only and granular network controls. This is behind a feature flag so we can validate behavior safely before making it the default. - Added temporary rollout flag: - `features.use_linux_sandbox_bwrap` - Preserved existing default path when the flag is off. - In Bubblewrap mode: - Added internal retry without /proc when /proc mount is not permitted by the host/container.		2026-02-04 11:13:17 -08:00
..
src	feat(linux-sandbox): add bwrap support (#9938 )	2026-02-04 11:13:17 -08:00
BUILD.bazel	feat: add support for building with Bazel (#8875 )	2026-01-09 11:09:43 -08:00
Cargo.toml	feat: introduce ExternalSandbox policy (#8290 )	2025-12-18 17:02:03 -08:00
README.md	chore: introduce codex-common crate (#843 )	2025-05-06 17:38:56 -07:00

README.md

codex-common

This crate is designed for utilities that need to be shared across other crates in the workspace, but should not go in core.

For narrow utility features, the pattern is to add introduce a new feature under [features] in Cargo.toml and then gate it with #[cfg] in lib.rs, as appropriate.