f956cc2a02
## Summary Vendor Bubblewrap into the repo and add minimal build plumbing in `codex-linux-sandbox` to compile/link it. ## Why We want to move Linux sandboxing toward Bubblewrap, but in a safe two-step rollout: 1) vendoring/build setup (this PR), 2) runtime integration (follow-up PR). ## Included - Add `codex-rs/vendor/bubblewrap` sources. - Add build-time FFI path in `codex-rs/linux-sandbox`. - Update `build.rs` rerun tracking for vendored files. - Small vendored compile warning fix (`sockaddr_nl` full init). follow up in https://github.com/openai/codex/pull/9938
41 lines
886 B
TOML
41 lines
886 B
TOML
[package]
|
|
name = "codex-linux-sandbox"
|
|
version.workspace = true
|
|
edition.workspace = true
|
|
license.workspace = true
|
|
|
|
[[bin]]
|
|
name = "codex-linux-sandbox"
|
|
path = "src/main.rs"
|
|
|
|
[lib]
|
|
name = "codex_linux_sandbox"
|
|
path = "src/lib.rs"
|
|
|
|
[lints]
|
|
workspace = true
|
|
|
|
[target.'cfg(target_os = "linux")'.dependencies]
|
|
clap = { workspace = true, features = ["derive"] }
|
|
codex-core = { workspace = true }
|
|
codex-utils-absolute-path = { workspace = true }
|
|
landlock = { workspace = true }
|
|
libc = { workspace = true }
|
|
seccompiler = { workspace = true }
|
|
serde_json = { workspace = true }
|
|
which = "8.0.0"
|
|
|
|
[target.'cfg(target_os = "linux")'.dev-dependencies]
|
|
pretty_assertions = { workspace = true }
|
|
tempfile = { workspace = true }
|
|
tokio = { workspace = true, features = [
|
|
"io-std",
|
|
"macros",
|
|
"process",
|
|
"rt-multi-thread",
|
|
"signal",
|
|
] }
|
|
|
|
[build-dependencies]
|
|
cc = "1"
|
|
pkg-config = "0.3"
|