core/core-agent-ide
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
core-agent-ide/codex-rs/exec/tests/suite
History
viyatb-oai ae4de43ccc
feat(linux-sandbox): add bwrap support (#9938) 
## Summary
This PR introduces a gated Bubblewrap (bwrap) Linux sandbox path. The
curent Linux sandbox path relies on in-process restrictions (including
Landlock). Bubblewrap gives us a more uniform filesystem isolation
model, especially explicit writable roots with the option to make some
directories read-only and granular network controls.

This is behind a feature flag so we can validate behavior safely before
making it the default.

- Added temporary rollout flag:
  - `features.use_linux_sandbox_bwrap`
- Preserved existing default path when the flag is off.
- In Bubblewrap mode:
- Added internal retry without /proc when /proc mount is not permitted
by the host/container.
2026-02-04 11:13:17 -08:00
..
add_dir.rs feat: Add support for --add-dir to exec and TypeScript SDK (#6565) 2025-11-13 13:47:10 -08:00
apply_patch.rs feat: introduce codex-utils-cargo-bin as an alternative to assert_cmd::Command (#8496) 2025-12-23 19:29:32 -08:00
auth_env.rs [bazel] Improve runfiles handling (#10098) 2026-01-29 00:15:44 +00:00
mod.rs feat: Add support for --add-dir to exec and TypeScript SDK (#6565) 2025-11-13 13:47:10 -08:00
originator.rs feat: change ConfigLayerName into a disjoint union rather than a simple enum (#8095) 2025-12-17 08:13:59 -08:00
output_schema.rs Update defaults to gpt-5.1 (#6652) 2025-11-17 17:40:11 -08:00
resume.rs [bazel] Improve runfiles handling (#10098) 2026-01-29 00:15:44 +00:00
sandbox.rs feat(linux-sandbox): add bwrap support (#9938) 2026-02-04 11:13:17 -08:00
server_error_exit.rs tests: replace mount_sse_once_match with mount_sse_once for SSE mocking (#6640) 2025-11-13 18:04:05 -08:00