core/core-agent-ide
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
core-agent-ide/.github
History
viyatb-oai ae4de43ccc
feat(linux-sandbox): add bwrap support (#9938) 
## Summary
This PR introduces a gated Bubblewrap (bwrap) Linux sandbox path. The
curent Linux sandbox path relies on in-process restrictions (including
Landlock). Bubblewrap gives us a more uniform filesystem isolation
model, especially explicit writable roots with the option to make some
directories read-only and granular network controls.

This is behind a feature flag so we can validate behavior safely before
making it the default.

- Added temporary rollout flag:
  - `features.use_linux_sandbox_bwrap`
- Preserved existing default path when the flag is off.
- In Bubblewrap mode:
- Added internal retry without /proc when /proc mount is not permitted
by the host/container.
2026-02-04 11:13:17 -08:00
..
actions [release] Add a dmg target for MacOS (#8207) 2025-12-18 11:19:10 -08:00
codex Fix minor typos in comments and documentation (#10287) 2026-01-30 22:11:02 -08:00
ISSUE_TEMPLATE Fixed icon for CLI bug template (#10552) 2026-02-03 13:27:33 -08:00
prompts Deduplicator fixes (#4635) 2025-10-02 16:01:59 -07:00
scripts Revert "Revert "fix: musl build"" (#9847) 2026-01-25 08:50:31 -05:00
workflows feat(linux-sandbox): add bwrap support (#9938) 2026-02-04 11:13:17 -08:00
codex-cli-splash.png Replaced user documentation with links to developers docs site (#8662) 2026-01-02 13:01:53 -07:00
dependabot.yaml Enable Dependabot updates for Rust toolchain (#2460) 2025-08-19 18:07:21 -07:00
dotslash-config.json include new windows binaries in npm package. (#8140) 2025-12-16 16:14:33 -08:00
pull_request_template.md Updated contributing guidelines and PR template to request link to bug report in PR notes (#6332) 2025-11-06 12:02:39 -08:00