linux-sandbox: skip redundant bwrap argv0 on helper path

2026-04-23 22:24:57 +00:00 · 2026-03-21 10:37:08 -07:00
2 changed files with 63 additions and 10 deletions
--- a/codex-rs/linux-sandbox/src/linux_run_main.rs
+++ b/codex-rs/linux-sandbox/src/linux_run_main.rs
@@ -18,6 +18,8 @@ use codex_protocol::protocol::FileSystemSandboxPolicy;
 use codex_protocol::protocol::NetworkSandboxPolicy;
 use codex_protocol::protocol::SandboxPolicy;

+const LINUX_SANDBOX_ARG0: &str = "codex-linux-sandbox";
+
 #[derive(Debug, Parser)]
 /// CLI surface for the Linux sandbox helper.
 ///
@@ -465,15 +467,17 @@ fn build_bwrap_argv(
    )
    .unwrap_or_else(|err| panic!("error building bubblewrap command: {err:?}"));

-    let command_separator_index = bwrap_args
-        .args
-        .iter()
-        .position(|arg| arg == "--")
-        .unwrap_or_else(|| panic!("bubblewrap argv is missing command separator '--'"));
-    bwrap_args.args.splice(
-        command_separator_index..command_separator_index,
-        ["--argv0".to_string(), "codex-linux-sandbox".to_string()],
-    );
+    if should_set_bwrap_argv0(&bwrap_args.args) {
+        let command_separator_index = bwrap_args
+            .args
+            .iter()
+            .position(|arg| arg == "--")
+            .unwrap_or_else(|| panic!("bubblewrap argv is missing command separator '--'"));
+        bwrap_args.args.splice(
+            command_separator_index..command_separator_index,
+            ["--argv0".to_string(), LINUX_SANDBOX_ARG0.to_string()],
+        );
+    }

    let mut argv = vec!["bwrap".to_string()];
    argv.extend(bwrap_args.args);
@@ -483,6 +487,19 @@ fn build_bwrap_argv(
    }
 }

+fn should_set_bwrap_argv0(bwrap_args: &[String]) -> bool {
+    let Some(command_separator_index) = bwrap_args.iter().position(|arg| arg == "--") else {
+        panic!("bubblewrap argv is missing command separator '--'");
+    };
+    let Some(program) = bwrap_args.get(command_separator_index + 1) else {
+        panic!("bubblewrap argv is missing sandbox program after '--'");
+    };
+    Path::new(program)
+        .file_name()
+        .and_then(|name| name.to_str())
+        .is_none_or(|name| name != LINUX_SANDBOX_ARG0)
+}
+
 fn preflight_proc_mount_support(
    sandbox_policy_cwd: &Path,
    command_cwd: &Path,
--- a/codex-rs/linux-sandbox/src/linux_run_main_tests.rs
+++ b/codex-rs/linux-sandbox/src/linux_run_main_tests.rs
@@ -38,7 +38,7 @@ fn ignores_non_proc_mount_errors() {
 }

 #[test]
-fn inserts_bwrap_argv0_before_command_separator() {
+fn inserts_bwrap_argv0_before_command_separator_for_non_helper_programs() {
    let sandbox_policy = SandboxPolicy::new_read_only_policy();
    let argv = build_bwrap_argv(
        vec!["/bin/true".to_string()],
@@ -74,6 +74,42 @@ fn inserts_bwrap_argv0_before_command_separator() {
    );
 }

+#[test]
+fn skips_bwrap_argv0_when_command_already_uses_helper_basename() {
+    let sandbox_policy = SandboxPolicy::new_read_only_policy();
+    let argv = build_bwrap_argv(
+        vec!["/tmp/codex-linux-sandbox".to_string(), "--flag".to_string()],
+        &FileSystemSandboxPolicy::from(&sandbox_policy),
+        Path::new("/"),
+        Path::new("/"),
+        BwrapOptions {
+            mount_proc: true,
+            network_mode: BwrapNetworkMode::FullAccess,
+        },
+    )
+    .args;
+    assert_eq!(
+        argv,
+        vec![
+            "bwrap".to_string(),
+            "--new-session".to_string(),
+            "--die-with-parent".to_string(),
+            "--ro-bind".to_string(),
+            "/".to_string(),
+            "/".to_string(),
+            "--dev".to_string(),
+            "/dev".to_string(),
+            "--unshare-user".to_string(),
+            "--unshare-pid".to_string(),
+            "--proc".to_string(),
+            "/proc".to_string(),
+            "--".to_string(),
+            "/tmp/codex-linux-sandbox".to_string(),
+            "--flag".to_string(),
+        ]
+    );
+}
+
 #[test]
 fn inserts_unshare_net_when_network_isolation_requested() {
    let sandbox_policy = SandboxPolicy::new_read_only_policy();