core/core-agent-ide
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
core-agent-ide/codex-rs/cli/src
History
viyatb-oai ae4de43ccc
feat(linux-sandbox): add bwrap support (#9938) 
## Summary
This PR introduces a gated Bubblewrap (bwrap) Linux sandbox path. The
curent Linux sandbox path relies on in-process restrictions (including
Landlock). Bubblewrap gives us a more uniform filesystem isolation
model, especially explicit writable roots with the option to make some
directories read-only and granular network controls.

This is behind a feature flag so we can validate behavior safely before
making it the default.

- Added temporary rollout flag:
  - `features.use_linux_sandbox_bwrap`
- Preserved existing default path when the flag is off.
- In Bubblewrap mode:
- Added internal retry without /proc when /proc mount is not permitted
by the host/container.
2026-02-04 11:13:17 -08:00
..
debug_sandbox add codex debug seatbelt --log-denials (#4098) 2025-11-10 22:48:14 +00:00
desktop_app Add codex app macOS launcher (#10418) 2026-02-02 17:37:04 -08:00
app_cmd.rs Add codex app macOS launcher (#10418) 2026-02-02 17:37:04 -08:00
debug_sandbox.rs feat(linux-sandbox): add bwrap support (#9938) 2026-02-04 11:13:17 -08:00
exit_status.rs feat: experimental env var: CODEX_SANDBOX_NETWORK_DISABLED (#879) 2025-05-09 18:29:34 -07:00
lib.rs add codex debug seatbelt --log-denials (#4098) 2025-11-10 22:48:14 +00:00
login.rs chore: rename ChatGpt -> Chatgpt in type names (#10244) 2026-01-30 11:18:39 -08:00
main.rs chore: add codex debug app-server tooling (#10367) 2026-02-03 23:17:34 +00:00
mcp_cmd.rs [skills] Auto install MCP dependencies when running skils with dependency specs. (#9982) 2026-01-27 19:02:45 -08:00
wsl_paths.rs Fix toasts on Windows under WSL 2 (#7137) 2025-12-11 15:09:00 -08:00