core-agent-ide/codex-rs/windows-sandbox-rs
iceweasel-oai aabe0f259c
implement per-workspace capability SIDs for workspace specific ACLs (#10189)
Today, there is a single capability SID that allows the sandbox to write to:
* workspace (cwd)
* tmp directories if enabled
* additional writable roots

This change splits those up, so that each workspace has its own
capability SID, while tmp and additional roots, which are
installation-wide, are still governed by the "generic" capability SID.

This isolates workspaces from each other in terms of sandbox write access.
Also allows us to protect <cwd>/.codex when codex runs in a specific <cwd>.
2026-02-03 12:37:51 -08:00
..
src implement per-workspace capability SIDs for workspace specific ACLs (#10189) 2026-02-03 12:37:51 -08:00
BUILD.bazel feat: add support for building with Bazel (#8875) 2026-01-09 11:09:43 -08:00
build.rs Elevated Sandbox 2 (#7792) 2025-12-10 21:23:16 -08:00
Cargo.lock Windows Sandbox - Alpha version (#4905) 2025-10-30 15:51:57 -07:00
Cargo.toml fix: handle utf-8 in windows sandbox logs (#8647) 2026-01-26 15:11:27 -08:00
codex-windows-sandbox-setup.manifest Elevated Sandbox 2 (#7792) 2025-12-10 21:23:16 -08:00
sandbox_smoketests.py smoketest for browser vuln, rough draft of Windows security doc (#6822) 2025-11-18 16:43:34 -08:00