History

viyatb-oai e1447c3009 feat: add support for read-only bind mounts in the linux sandbox (#9112 ) ### Motivation - Landlock alone cannot prevent writes to sensitive in-repo files like `.git/` when the repo root is writable, so explicit mount restrictions are required for those paths. - The sandbox must set up any mounts before calling Landlock so Landlock can still be applied afterwards and the two mechanisms compose correctly. ### Description - Add a new `linux-sandbox` helper `apply_read_only_mounts` in `linux-sandbox/src/mounts.rs` that: unshares namespaces, maps uids/gids when required, makes mounts private, bind-mounts targets, and remounts them read-only. - Wire the mount step into the sandbox flow by calling `apply_read_only_mounts(...)` before network/seccomp and before applying Landlock rules in `linux-sandbox/src/landlock.rs`.		2026-01-14 08:30:46 -08:00
..
src	feat: add support for read-only bind mounts in the linux sandbox (#9112 )	2026-01-14 08:30:46 -08:00
BUILD.bazel	Assemble sandbox/approval/network prompts dynamically (#8961 )	2026-01-12 23:12:59 +00:00
Cargo.toml	fix: introduce AbsolutePathBuf as part of sandbox config (#7856 )	2025-12-12 15:25:22 -08:00
README.md	fix: separate `codex mcp` into `codex mcp-server` and `codex app-server` (#4471 )	2025-09-30 07:06:18 +00:00

README.md

codex-protocol

This crate defines the "types" for the protocol used by Codex CLI, which includes both "internal types" for communication between codex-core and codex-tui, as well as "external types" used with codex app-server.

This crate should have minimal dependencies.

Ideally, we should avoid "material business logic" in this crate, as we can always introduce Ext-style traits to add functionality to types in other crates.