codex: dispatch exec-server sandbox helper via argv0

Teach the standalone exec-server binary to run the Linux sandbox helper when it is re-execed with the codex-linux-sandbox argv0 alias. Point the exec-server sandbox transform at the current executable on Linux instead of requiring an env-provided helper path. Co-authored-by: Codex <noreply@openai.com>
2026-04-26 15:45:02 +00:00 · 2026-04-07 15:24:33 -07:00
parent 4e90a1a891
commit 3d5f1a4e56
5 changed files with 64 additions and 22 deletions
--- a/codex-rs/exec-server/tests/exec_process.rs
+++ b/codex-rs/exec-server/tests/exec_process.rs
@@ -235,7 +235,16 @@ fn platform_sandbox_type() -> SandboxType {
 }

 fn write_outside_workspace_sandbox(workspace_root: &std::path::Path) -> SandboxLaunchConfig {
-    let policy = SandboxPolicy::new_workspace_write_policy();
+    let mut policy = SandboxPolicy::new_workspace_write_policy();
+    if let SandboxPolicy::WorkspaceWrite {
+        exclude_tmpdir_env_var,
+        exclude_slash_tmp,
+        ..
+    } = &mut policy
+    {
+        *exclude_tmpdir_env_var = true;
+        *exclude_slash_tmp = true;
+    }
    SandboxLaunchConfig {
        sandbox: platform_sandbox_type(),
        policy: policy.clone(),
@@ -368,9 +377,7 @@ async fn exec_process_preserves_queued_events_before_subscribe(use_remote: bool)
    assert_exec_process_preserves_queued_events_before_subscribe(use_remote).await
 }

-#[test_case(false ; "local")]
-#[test_case(true ; "remote")]
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn exec_process_sandbox_denies_write_outside_workspace(use_remote: bool) -> Result<()> {
-    assert_exec_process_sandbox_denies_write_outside_workspace(use_remote).await
+async fn remote_exec_process_sandbox_denies_write_outside_workspace() -> Result<()> {
+    assert_exec_process_sandbox_denies_write_outside_workspace(/*use_remote*/ true).await
 }
--- a/codex-rs/exec-server/tests/process.rs
+++ b/codex-rs/exec-server/tests/process.rs
@@ -4,9 +4,11 @@ mod common;

 use codex_app_server_protocol::JSONRPCMessage;
 use codex_app_server_protocol::JSONRPCResponse;
+use codex_exec_server::ExecParams;
 use codex_exec_server::ExecResponse;
 use codex_exec_server::InitializeParams;
 use codex_exec_server::ProcessId;
+use codex_sandboxing::SandboxLaunchConfig;
 use common::exec_server::exec_server;
 use pretty_assertions::assert_eq;

@@ -45,14 +47,15 @@ async fn exec_server_starts_process_over_websocket() -> anyhow::Result<()> {
    let process_start_id = server
        .send_request(
            "process/start",
-            serde_json::json!({
-                "processId": "proc-1",
-                "argv": ["true"],
-                "cwd": std::env::current_dir()?,
-                "env": {},
-                "tty": false,
-                "arg0": null
-            }),
+            serde_json::to_value(ExecParams {
+                process_id: ProcessId::from("proc-1"),
+                argv: vec!["true".to_string()],
+                cwd: std::env::current_dir()?,
+                env: Default::default(),
+                tty: false,
+                arg0: None,
+                sandbox: SandboxLaunchConfig::no_sandbox(std::env::current_dir()?),
+            })?,
        )
        .await?;
    let response = server