fix: follow up on linux sandbox review nits (#14440)

## Summary - address the follow-up review nits from #13996 in a separate PR - make the approvals test command a raw string and keep the managed-network path using env proxy routing - inline `--apply-seccomp-then-exec` in the Linux sandbox inner command builder - remove the bubblewrap-specific sandbox metric tag path and drop the `use_legacy_landlock` shim from `sandbox_tag`/`TurnMetadataState::new` - restore the `Feature` import that `origin/main` currently still needs in `connectors.rs` ## Testing - `cargo test -p codex-linux-sandbox` - focused `codex-core` tests were rerun/started, but the final verification pass was interrupted when I pushed at request
2026-04-30 17:36:40 +00:00 · 2026-03-11 23:59:50 -07:00
parent 04892b4ceb
commit e99e8e4a6b
7 changed files with 20 additions and 71 deletions
--- a/codex-rs/core/tests/suite/approvals.rs
+++ b/codex-rs/core/tests/suite/approvals.rs
@@ -2298,9 +2298,8 @@ allow_local_binding = true
    let call_id_first = "allow-network-first";
    // Use urllib without overriding proxy settings so managed-network sessions
    // continue to exercise the env-based proxy routing path under bubblewrap.
-    let fetch_command =
-        "python3 -c \"import urllib.request; opener = urllib.request.build_opener(urllib.request.ProxyHandler()); print('OK:' + opener.open('http://codex-network-test.invalid', timeout=30).read().decode(errors='replace'))\""
-            .to_string();
+    let fetch_command = r#"python3 -c "import urllib.request; opener = urllib.request.build_opener(urllib.request.ProxyHandler()); print('OK:' + opener.open('http://codex-network-test.invalid', timeout=30).read().decode(errors='replace'))""#
+        .to_string();
    let first_event = shell_event(
        call_id_first,
        &fetch_command,