core/core-agent-ide
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
core-agent-ide/codex-rs/common/src
History
viyatb-oai ae4de43ccc
feat(linux-sandbox): add bwrap support (#9938) 
## Summary
This PR introduces a gated Bubblewrap (bwrap) Linux sandbox path. The
curent Linux sandbox path relies on in-process restrictions (including
Landlock). Bubblewrap gives us a more uniform filesystem isolation
model, especially explicit writable roots with the option to make some
directories read-only and granular network controls.

This is behind a feature flag so we can validate behavior safely before
making it the default.

- Added temporary rollout flag:
  - `features.use_linux_sandbox_bwrap`
- Preserved existing default path when the flag is off.
- In Bubblewrap mode:
- Added internal retry without /proc when /proc mount is not permitted
by the host/container.
2026-02-04 11:13:17 -08:00
..
approval_mode_cli_arg.rs [approval_policy] Add OnRequest approval_policy (#1865) 2025-08-05 20:44:20 -07:00
approval_presets.rs feat(tui) /permissions flow (#9561) 2026-01-21 21:38:46 -08:00
config_override.rs feat(linux-sandbox): add bwrap support (#9938) 2026-02-04 11:13:17 -08:00
config_summary.rs feat: support allowed_sandbox_modes in requirements.toml (#8298) 2025-12-19 21:09:20 +00:00
elapsed.rs Add spacing to timer duration formats (#3471) 2025-09-12 12:05:57 -04:00
format_env_display.rs [MCP] Redact environment variable values in /mcp and mcp get (#5648) 2025-10-24 18:30:20 -04:00
fuzzy_match.rs Scrollable slash commands (#1830) 2025-08-06 21:23:09 -07:00
lib.rs Improve handling of config and rules errors for app server clients (#9182) 2026-01-13 17:57:09 -08:00
oss.rs chore: nuke chat/completions API (#10157) 2026-02-03 11:31:57 +00:00
sandbox_mode_cli_arg.rs feat: introduce ExternalSandbox policy (#8290) 2025-12-18 17:02:03 -08:00
sandbox_summary.rs feat: introduce ExternalSandbox policy (#8290) 2025-12-18 17:02:03 -08:00