clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-05-02 10:26:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4dd489f6bbb85b339c4711cee084f51c1ff00a4e
codex/codex-rs/sandboxing/src/bwrap.rs
viyatb-oai ec089fd22a fix(sandbox): fix bwrap lookup for multi-entry PATH (#15973) 
## Summary
- split the joined `PATH` before running system `bwrap` lookup
- keep the existing workspace-local `bwrap` skip behavior intact
- add regression tests that exercise real multi-entry search paths

## Why
The PATH-based lookup added in #15791 still wrapped the raw `PATH`
environment value as a single `PathBuf` before passing it through
`join_paths()`. On Unix, a normal multi-entry `PATH` contains `:`, so
that wrapper path is invalid as one path element and the lookup returns
`None`.

That made Codex behave as if no system `bwrap` was installed even when
`bwrap` was available on `PATH`, which is what users in #15340 were
still hitting on `0.117.0-alpha.25`.

## Impact
System `bwrap` discovery now works with normal multi-entry `PATH` values
instead of silently falling back to the vendored binary.

Fixes #15340.

## Validation
- `just fmt`
- `cargo test -p codex-sandboxing`
- `cargo test -p codex-linux-sandbox`
- `just fix -p codex-sandboxing`
- `just argument-comment-lint`
2026-03-27 08:41:06 -07:00

47 lines
1.4 KiB
Rust
Raw Blame History

use std::path::Path;
use std::path::PathBuf;
const SYSTEM_BWRAP_PROGRAM: &str = "bwrap";
pub fn system_bwrap_warning() -> Option<String> {
system_bwrap_warning_for_lookup(find_system_bwrap_in_path())
}
fn system_bwrap_warning_for_lookup(system_bwrap_path: Option<PathBuf>) -> Option<String> {
match system_bwrap_path {
Some(_) => None,
None => Some(
"Codex could not find system bubblewrap on PATH. Please install bubblewrap with your package manager. Codex will use the vendored bubblewrap in the meantime."
.to_string(),
),
}
}
pub fn find_system_bwrap_in_path() -> Option<PathBuf> {
let search_path = std::env::var_os("PATH")?;
let cwd = std::env::current_dir().ok()?;
find_system_bwrap_in_search_paths(std::env::split_paths(&search_path), &cwd)
}
fn find_system_bwrap_in_search_paths(
search_paths: impl IntoIterator<Item = PathBuf>,
cwd: &Path,
) -> Option<PathBuf> {
let search_path = std::env::join_paths(search_paths).ok()?;
let cwd = std::fs::canonicalize(cwd).unwrap_or_else(|_| cwd.to_path_buf());
which::which_in_all(SYSTEM_BWRAP_PROGRAM, Some(search_path), &cwd)
.ok()?
.find_map(|path| {
let path = std::fs::canonicalize(path).ok()?;
if path.starts_with(&cwd) {
None
} else {
Some(path)
}
})
}
#[cfg(test)]
#[path = "bwrap_tests.rs"]
mod tests;
Reference in New Issue View Git Blame Copy Permalink