core-agent-ide/codex-rs/linux-sandbox/src
viyatb-oai e1447c3009
feat: add support for read-only bind mounts in the linux sandbox (#9112)
### Motivation

- Landlock alone cannot prevent writes to sensitive in-repo files like
`.git/` when the repo root is writable, so explicit mount restrictions
are required for those paths.
- The sandbox must set up any mounts before calling Landlock so Landlock
can still be applied afterwards and the two mechanisms compose
correctly.

### Description

- Add a new `linux-sandbox` helper `apply_read_only_mounts` in
`linux-sandbox/src/mounts.rs` that: unshares namespaces, maps uids/gids
when required, makes mounts private, bind-mounts targets, and remounts
them read-only.
- Wire the mount step into the sandbox flow by calling
`apply_read_only_mounts(...)` before network/seccomp and before applying
Landlock rules in `linux-sandbox/src/landlock.rs`.
2026-01-14 08:30:46 -08:00
| File | Last commit | Date |
| --- | --- | --- |
| landlock.rs | feat: add support for read-only bind mounts in the linux sandbox (#9112) | 2026-01-14 08:30:46 -08:00 |
| lib.rs | feat: add support for read-only bind mounts in the linux sandbox (#9112) | 2026-01-14 08:30:46 -08:00 |
| linux_run_main.rs | chore: rework tools execution workflow (#5278) | 2025-10-20 20:57:37 +01:00 |
| main.rs | fix: overhaul how we spawn commands under seccomp/landlock on Linux (#1086) | 2025-05-23 11:37:07 -07:00 |
| mounts.rs | feat: add support for read-only bind mounts in the linux sandbox (#9112) | 2026-01-14 08:30:46 -08:00 |