clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-05-25 13:34:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

[codex] Stop Windows sandbox setup after filter installation failure

Browse Source 
Treat filter installation failure as a setup failure instead of allowing offline sandbox initialization to continue.

Co-authored-by: Codex <noreply@openai.com>
This commit is contained in:
Chris Bookholt
2026-05-11 20:02:46 +00:00
parent e3f481da98
commit 4a5013386b
2 changed files with 46 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
codex-rs/windows-sandbox-rs/src/bin/setup_main/win.rs
View File

@@ -610,7 +610,13 @@ fn run_setup_full(payload: &Payload, log: &mut File, sbx_dir: &Path) -> Result<(
|message| {
let _ = log_line(log, message);
},
);
)
.map_err(|err| {
anyhow::Error::new(SetupFailure::new(
SetupErrorCode::HelperFirewallRuleCreateOrAddFailed,
format!("install WFP filters failed: {err}"),
))
})?;
}
if payload.read_roots.is_empty() {

65
codex-rs/windows-sandbox-rs/src/wfp_setup.rs
View File

@@ -128,48 +128,61 @@ pub fn install_wfp_filters<F>(
offline_username: &str,
otel: Option<&StatsigMetricsSettings>,
mut log: F,
) where
) -> Result<()>
where
F: FnMut(&str),
{
let metric = match std::panic::catch_unwind(std::panic::AssertUnwindSafe(|| {
install_wfp_filters_for_account(offline_username)
})) {
let (metric, install_result) = match std::panic::catch_unwind(std::panic::AssertUnwindSafe(
|| install_wfp_filters_for_account(offline_username),
)) {
Ok(Ok(installed_filter_count)) => {
log(&format!(
"WFP setup succeeded for {offline_username} with {installed_filter_count} installed filters"
));
WfpSetupMetric {
outcome: WfpSetupMetricOutcome::Success,
target_account: offline_username.to_string(),
installed_filter_count,
error: None,
}
(
WfpSetupMetric {
outcome: WfpSetupMetricOutcome::Success,
target_account: offline_username.to_string(),
installed_filter_count,
error: None,
},
Ok(()),
)
}
Ok(Err(err)) => {
let error = err.to_string();
log(&format!(
"WFP setup failed for {offline_username}: {error}; continuing elevated setup"
));
WfpSetupMetric {
outcome: WfpSetupMetricOutcome::Failure,
target_account: offline_username.to_string(),
installed_filter_count: 0,
error: Some(error),
}
log(&format!("WFP setup failed for {offline_username}: {error}"));
(
WfpSetupMetric {
outcome: WfpSetupMetricOutcome::Failure,
target_account: offline_username.to_string(),
installed_filter_count: 0,
error: Some(error.clone()),
},
Err(anyhow::anyhow!(
"WFP setup failed for {offline_username}: {error}"
)),
)
}
Err(panic_payload) => {
let error = panic_payload_to_string(panic_payload);
log(&format!(
"WFP setup panicked for {offline_username}: {error}; continuing elevated setup"
"WFP setup panicked for {offline_username}: {error}"
));
WfpSetupMetric {
outcome: WfpSetupMetricOutcome::Failure,
target_account: offline_username.to_string(),
installed_filter_count: 0,
error: Some(format!("panic: {error}")),
}
(
WfpSetupMetric {
outcome: WfpSetupMetricOutcome::Failure,
target_account: offline_username.to_string(),
installed_filter_count: 0,
error: Some(format!("panic: {error}")),
},
Err(anyhow::anyhow!(
"WFP setup panicked for {offline_username}: {error}"
)),
)
}
};
emit_wfp_setup_metric_safely(codex_home, otel, offline_username, &metric, &mut log);
install_result
}