tests: avoid ambient temp sandbox roots (#22576)

## Why
Some sandboxed integration tests enabled both ambient temp roots
(`TMPDIR` and literal `/tmp`) even though they were not testing
temp-root behavior. On Linux bwrap, making `/tmp` writable causes
protected metadata mount targets such as `/tmp/.git`, `/tmp/.agents`,
and `/tmp/.codex` to be synthesized. If a run is interrupted, those
top-level markers can be left behind and contaminate later tests.

## What changed
For the incidental integration tests that do not need ambient temp-root
access, set `exclude_tmpdir_env_var` and `exclude_slash_tmp` to `true`.
Dedicated protected-metadata coverage remains in the lower-level sandbox
tests that use isolated temp roots.

## Verification
Focused remote devbox repros passed with a watcher polling `/tmp/.git`,
`/tmp/.agents`, and `/tmp/.codex`; no leaked markers were observed.
starr-openai
2026-05-14 10:04:24 -07:00
committed by GitHub
parent 74a1b46a00
commit 8736e32657
5 changed files with 24 additions and 24 deletions


@@ -1896,8 +1896,8 @@ async fn turn_start_updates_sandbox_and_cwd_between_turns_v2() -> Result<()> {
sandbox_policy: Some(codex_app_server_protocol::SandboxPolicy::WorkspaceWrite {
writable_roots: vec![first_cwd.try_into()?],
network_access: false,
exclude_tmpdir_env_var: false,
exclude_slash_tmp: false,
exclude_tmpdir_env_var: true,
exclude_slash_tmp: true,
}),
permissions: None,
model: Some("mock-model".to_string()),
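Review bot: Nothing at this literal records why `exclude_tmpdir_env_var` and `exclude_slash_tmp` are `true`, so a later edit could flip them back to `false` and bring back the leftover `/tmp/.git`, `/tmp/.agents` and `/tmp/.codex` markers that the commit description warns about. A one-line comment above the two fields would keep the reason next to the code: `// Not exercising temp roots here: keep TMPDIR and /tmp out of the sandbox so bwrap does not synthesize /tmp/.git-style markers.` The same applies to the other eleven `WorkspaceWrite` literals changed in this commit. The enclosing test starts and ends outside the hunk.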


@@ -537,8 +537,8 @@ async fn turn_start_shell_zsh_fork_subcommand_decline_marks_parent_declined_v2()
sandbox_policy: Some(codex_app_server_protocol::SandboxPolicy::WorkspaceWrite {
writable_roots: vec![workspace.clone().try_into()?],
network_access: false,
exclude_tmpdir_env_var: false,
exclude_slash_tmp: false,
exclude_tmpdir_env_var: true,
exclude_slash_tmp: true,
}),
model: Some("mock-model".to_string()),
effort: Some(codex_protocol::openai_models::ReasoningEffort::Medium),


@@ -829,8 +829,8 @@ fn scenarios() -> Vec<ScenarioSpec> {
let workspace_write = |network_access| SandboxPolicy::WorkspaceWrite {
writable_roots: vec![],
network_access,
exclude_tmpdir_env_var: false,
exclude_slash_tmp: false,
exclude_tmpdir_env_var: true,
exclude_slash_tmp: true,
};
vec![
@@ -2049,8 +2049,8 @@ async fn approving_apply_patch_for_session_skips_future_prompts_for_same_file()
let sandbox_policy = SandboxPolicy::WorkspaceWrite {
writable_roots: vec![],
network_access: false,
exclude_tmpdir_env_var: false,
exclude_slash_tmp: false,
exclude_tmpdir_env_var: true,
exclude_slash_tmp: true,
};
let sandbox_policy_for_config = sandbox_policy.clone();
@@ -2805,8 +2805,8 @@ allow_local_binding = true
let sandbox_policy = SandboxPolicy::WorkspaceWrite {
writable_roots: vec![],
network_access: true,
exclude_tmpdir_env_var: false,
exclude_slash_tmp: false,
exclude_tmpdir_env_var: true,
exclude_slash_tmp: true,
};
let sandbox_policy_for_config = sandbox_policy.clone();
let mut builder = test_codex()
@@ -3085,8 +3085,8 @@ allow_local_binding = true
let turn_sandbox_policy = SandboxPolicy::WorkspaceWrite {
writable_roots: vec![],
network_access: true,
exclude_tmpdir_env_var: false,
exclude_slash_tmp: false,
exclude_tmpdir_env_var: true,
exclude_slash_tmp: true,
};
let mut builder = test_codex()
.with_home(home)
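Review bot: The four-field `SandboxPolicy::WorkspaceWrite` literal is written out in full in the three later hunks of this file, even though `scenarios()` already wraps the same shape in its `workspace_write` closure. The temp-root exclusion therefore has to be kept in sync by hand at four sites. A file-level test helper that takes only `network_access`, for example `fn workspace_write_without_tmp(network_access: bool) -> SandboxPolicy`, could be called by the closure and the three tests, leaving the two `exclude_*` flags in one place. All four enclosing functions continue outside their hunks, so whether such a helper already exists elsewhere in the file cannot be seen from here.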


@@ -183,8 +183,8 @@ async fn python_multiprocessing_lock_works_under_sandbox() {
let policy = SandboxPolicy::WorkspaceWrite {
writable_roots,
network_access: false,
exclude_tmpdir_env_var: false,
exclude_slash_tmp: false,
exclude_tmpdir_env_var: true,
exclude_slash_tmp: true,
};
let python_code = r#"import multiprocessing


@@ -166,8 +166,8 @@ fn dynamic_network_policy_allows_tls_without_darwin_user_cache_write() {
&SandboxPolicy::WorkspaceWrite {
writable_roots: vec![],
network_access: true,
exclude_tmpdir_env_var: false,
exclude_slash_tmp: false,
exclude_tmpdir_env_var: true,
exclude_slash_tmp: true,
},
/*enforce_managed_network*/ false,
&ProxyPolicyInputs::default(),
@@ -439,8 +439,8 @@ fn dynamic_network_policy_preserves_restricted_policy_when_proxy_config_without_
&SandboxPolicy::WorkspaceWrite {
writable_roots: vec![],
network_access: true,
exclude_tmpdir_env_var: false,
exclude_slash_tmp: false,
exclude_tmpdir_env_var: true,
exclude_slash_tmp: true,
},
/*enforce_managed_network*/ false,
&ProxyPolicyInputs {
@@ -475,8 +475,8 @@ fn dynamic_network_policy_blocks_dns_when_local_binding_has_no_proxy_ports() {
&SandboxPolicy::WorkspaceWrite {
writable_roots: vec![],
network_access: true,
exclude_tmpdir_env_var: false,
exclude_slash_tmp: false,
exclude_tmpdir_env_var: true,
exclude_slash_tmp: true,
},
/*enforce_managed_network*/ false,
&ProxyPolicyInputs {
@@ -503,8 +503,8 @@ fn dynamic_network_policy_preserves_restricted_policy_for_managed_network_withou
&SandboxPolicy::WorkspaceWrite {
writable_roots: vec![],
network_access: true,
exclude_tmpdir_env_var: false,
exclude_slash_tmp: false,
exclude_tmpdir_env_var: true,
exclude_slash_tmp: true,
},
/*enforce_managed_network*/ true,
&ProxyPolicyInputs {
@@ -793,8 +793,8 @@ fn create_seatbelt_args_full_network_with_proxy_is_still_proxy_only() {
&SandboxPolicy::WorkspaceWrite {
writable_roots: vec![],
network_access: true,
exclude_tmpdir_env_var: false,
exclude_slash_tmp: false,
exclude_tmpdir_env_var: true,
exclude_slash_tmp: true,
},
/*enforce_managed_network*/ false,
&ProxyPolicyInputs {
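Review bot: These five cases appear, going by names such as `create_seatbelt_args_…` and `…without_darwin_user_cache_write`, to build seatbelt arguments rather than launch a bwrap sandbox, so the `/tmp` marker leak described in the commit message may not apply to them. If the assertions (outside the hunks) inspect the generated policy, the network rules are now checked only with both temp roots excluded, and the combination of network access with writable `TMPDIR` and `/tmp` loses coverage in this file. Consider keeping one network case with both flags `false`, or stating at the first literal that the flags do not matter to the assertion, e.g. `// Temp roots are irrelevant to the network rules asserted below.`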