Trust managed MITM CA in Linux sandboxes

Winston Howes
2026-05-26 15:44:40 -07:00
parent e910c8c788
commit 595d035fbc
9 changed files with 194 additions and 31 deletions


@@ -37,6 +37,8 @@ mode = "full" # default when unset; use "limited" for read-only mode
# CA cert/key are managed internally under $CODEX_HOME/proxy/ (ca.pem + ca.key).
# When MITM is active, spawned commands receive CA bundle env vars pointing at
# $CODEX_HOME/proxy/ca-bundle.pem so common HTTPS clients trust the managed CA.
# Linux bubblewrap sandboxes also overlay that bundle onto common system CA
# bundle paths inside the sandbox namespace.
# If false, local/private networking is rejected. Explicit allowlisting of local IP literals
# (or `localhost`) is required to permit them.
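Review bot: The two new comment lines starting at `# Linux bubblewrap sandboxes also overlay that bundle` do not say whether the bundle that is laid over the system CA paths still contains the distribution's root certificates, which is what a reader needs to predict whether sandboxed HTTPS to hosts that are not proxied keeps working. If the overlaid file holds only the managed CA, every sandboxed client will reject public sites until MITM is turned off; if it holds system roots plus the managed CA, the comment should say so explicitly. I would add a line such as `# The overlaid bundle is expected to hold the system roots plus the managed CA; confirm against the code that writes ca-bundle.pem.` directly after the sandbox sentence. The bundle-writing code is not visible in this hunk, so the exact contents are inferred and should be verified before the comment is finalized.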


@@ -614,6 +614,11 @@ impl NetworkProxy {
self.runtime_settings().dangerously_allow_all_unix_sockets
}
/// Returns the managed CA bundle child sandboxes should trust while MITM is active.
pub fn mitm_ca_trust_bundle_path(&self) -> Option<PathBuf> {
self.runtime_settings().mitm_ca_trust_bundle_path
}
pub fn apply_to_env(&self, env: &mut HashMap<String, String>) {
let runtime_settings = self.runtime_settings();
// Enforce proxying for child processes. We intentionally override existing values so