refactor: make bubblewrap the default Linux sandbox #13996

Merged
viyatb-oai merged 8 commits into main from
codex/viyatb/use-legacy-landlock-only
Mar 12, 2026

viyatb-oai commented Mar 8, 2026

Summary

  • make bubblewrap the default Linux sandbox and keep use_legacy_landlock as the only override
  • remove use_linux_sandbox_bwrap from feature, config, schema, and docs surfaces
  • update Linux sandbox selection, CLI/config plumbing, and related tests/docs to match the new default
  • fold in the follow-up CI fixes for request-permissions responses and Linux read-only sandbox error text

viyatb-oai added a commit that referenced this pull request Mar 10, 2026
viyatb-oai added a commit that referenced this pull request Mar 10, 2026
viyatb-oai force-pushed the codex/viyatb/use-legacy-landlock-only branch from e1a60a2 to 701f145 March 10, 2026 02:21
viyatb-oai added a commit that referenced this pull request Mar 10, 2026
viyatb-oai force-pushed the codex/viyatb/use-legacy-landlock-only branch from fee8d4b to a6afe41 March 10, 2026 02:48
viyatb-oai changed the title from "refactor: remove linux sandbox bwrap toggle" to "refactor: make bubblewrap the default Linux sandbox" Mar 10, 2026
viyatb-oai requested a review from bolinfest March 10, 2026 22:12
viyatb-oai force-pushed the codex/viyatb/use-legacy-landlock-only branch from d7169dd to 7e5e306 March 11, 2026 22:00

// Use urllib without overriding proxy settings so managed-network sessions
// continue to exercise the env-based proxy routing path under bubblewrap.
let fetch_command =
"python3 -c \"import urllib.request; opener = urllib.request.build_opener(urllib.request.ProxyHandler()); print('OK:' + opener.open('http://codex-network-test.invalid', timeout=30).read().decode(errors='replace'))\""

Collaborator:

consider r#?

inner.push("--use-bwrap-sandbox".to_string());
inner.push("--apply-seccomp-then-exec".to_string());
}
inner.push("--apply-seccomp-then-exec".to_string());
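
Review bot: `--apply-seccomp-then-exec` shows up twice in this excerpt, once just before the closing `}` and once after it. If the first push is the removed side of the change, fine; if both survive, the branch that adds `--use-bwrap-sandbox` passes the flag twice. Since the push after the brace is unconditional, a test asserting the flag appears exactly once for either sandbox choice would pin this down.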

Collaborator:

Should this move into the vec![] declaration?

Collaborator Author:

good idea, let me get it in

viyatb-oai merged commit 04892b4 into main Mar 12, 2026
52 of 54 checks passed
viyatb-oai deleted the codex/viyatb/use-legacy-landlock-only branch March 12, 2026 06:31
github-actions bot locked and limited conversation to collaborators Mar 12, 2026