## Summary This PR introduces a gated Bubblewrap (bwrap) Linux sandbox path. The current Linux sandbox path relies on in-process restrictions (including Landlock). Bubblewrap gives us a more uniform filesystem isolation model — in particular explicit writable roots, the option to mark individual directories read-only, and more granular network controls. This is behind a feature flag so we can validate behavior safely before making it the default. - Added temporary rollout flag: - `features.use_linux_sandbox_bwrap` - Preserved existing default path when the flag is off. - In Bubblewrap mode: - Added internal retry without /proc when /proc mount is not permitted by the host/container.
# Cargo manifest for the Linux sandbox helper crate.
#
# Everything that touches kernel sandboxing primitives (Landlock, seccomp) is
# gated on target_os = "linux", so no sandbox dependencies are pulled in on
# other targets. Package metadata, lints and most dependencies are inherited
# from the workspace so that a single version of each crate is resolved across
# the tree — the one exception is [build-dependencies], see below.
[package]
name = "codex-linux-sandbox"
version = { workspace = true }
edition = { workspace = true }
license = { workspace = true }

[lints]
workspace = true

# Library target: the sandbox implementation, usable in-process by other crates.
[lib]
name = "codex_linux_sandbox"
path = "src/lib.rs"

# Binary target: a standalone sandbox launcher built from the same sources.
[[bin]]
name = "codex-linux-sandbox"
path = "src/main.rs"

# Build-script dependencies. Unlike every other entry in this manifest these are
# NOT inherited from the workspace and are NOT target-gated: they are resolved
# from their own SemVer ranges on every host that builds the crate.
# NOTE(review): if the root Cargo.toml already declares `cc` / `pkg-config`,
# inheriting them here (`{ workspace = true }`) would keep them version-unified
# with the rest of the tree — confirm against the workspace before changing.
# NOTE(review): the bwrap path described in the PR has no crate-level dependency
# here, so bubblewrap is presumably located as an external binary at runtime;
# verify how that binary is resolved (fixed path vs. PATH lookup), since a PATH
# lookup from a sandbox launcher is an easy hijack vector.
[build-dependencies]
cc = "1"
pkg-config = "0.3"

# Runtime dependencies, Linux only. `landlock` and `seccompiler` are the
# kernel-facing sandbox primitives; `clap` (with derive) is presumably the CLI
# surface of the binary target; the roles of `libc` and `serde_json` are not
# visible from this manifest.
[target.'cfg(target_os = "linux")'.dependencies]
clap = { workspace = true, features = ["derive"] }
codex-core = { workspace = true }
codex-utils-absolute-path = { workspace = true }
landlock = { workspace = true }
libc = { workspace = true }
seccompiler = { workspace = true }
serde_json = { workspace = true }

# Test-only dependencies, Linux only. tokio is enabled with "process" and
# "signal" support, presumably so tests can spawn and signal sandboxed child
# processes; `tempfile` gives each test an isolated writable root.
[target.'cfg(target_os = "linux")'.dev-dependencies]
pretty_assertions = { workspace = true }
tempfile = { workspace = true }
tokio = { workspace = true, features = ["io-std", "macros", "process", "rt-multi-thread", "signal"] }