core-agent-ide/codex-rs/linux-sandbox/src
viyatb-oai f194d4b115
fix: reopen writable linux carveouts under denied parents (#14514)
## Summary
- preserve Linux bubblewrap semantics for `write -> none -> write`
filesystem policies by recreating masked mount targets before rebinding
narrower writable descendants
- add a Linux runtime regression for `/repo = write`, `/repo/a = none`,
`/repo/a/b = write` so the nested writable child is exercised under
bubblewrap
- document the supported legacy Landlock fallback and the split-policy
bubblewrap behavior for overlapping carveouts

## Example
Given a split filesystem policy like:

```toml
"/repo" = "write"
"/repo/a" = "none"
"/repo/a/b" = "write"
```

this PR keeps `/repo` writable, masks `/repo/a`, and still reopens
`/repo/a/b` as writable again under bubblewrap.

## Testing
- `just fmt`
- `cargo test -p codex-linux-sandbox`
- `cargo clippy -p codex-linux-sandbox --tests -- -D warnings`
2026-03-13 01:36:06 +00:00
bwrap.rs fix: reopen writable linux carveouts under denied parents (#14514) 2026-03-13 01:36:06 +00:00
landlock.rs linux-sandbox: plumb split sandbox policies through helper (#13449) 2026-03-07 19:40:10 -08:00
lib.rs feat(linux-sandbox): implement proxy-only egress via TCP-UDS-TCP bridge (#11293) 2026-02-21 18:16:34 +00:00
linux_run_main.rs fix: preserve split filesystem semantics in linux sandbox (#14173) 2026-03-12 10:56:32 -07:00
linux_run_main_tests.rs fix: preserve split filesystem semantics in linux sandbox (#14173) 2026-03-12 10:56:32 -07:00
main.rs fix: overhaul how we spawn commands under seccomp/landlock on Linux (#1086) 2025-05-23 11:37:07 -07:00
proxy_routing.rs feat(linux-sandbox): implement proxy-only egress via TCP-UDS-TCP bridge (#11293) 2026-02-21 18:16:34 +00:00
vendored_bwrap.rs linux-sandbox: honor split filesystem policies in bwrap (#13453) 2026-03-07 23:46:52 -08:00