mirror of
https://github.com/openai/codex.git
synced 2026-05-15 00:32:51 +00:00
2e1003728c
## Changes Allows sandboxes to restrict overall network access while granting access to specific unix sockets on mac. ## Details - `codex sandbox macos`: adds a repeatable `--allow-unix-socket` option. - `codex-sandboxing`: threads explicit Unix socket roots into the macOS Seatbelt profile generation. - Preserves restricted network behavior when only Unix socket IPC is requested, and preserves full network behavior when full network is already enabled. ## Verification - `cargo test -p codex-cli -p codex-sandboxing` - `cargo build -p codex-cli --bin codex` - verified that `codex sandbox macos --allow-unix-socket /tmp/test.sock -- test-client` grants access as expected
74 lines
2.6 KiB
Rust
74 lines
2.6 KiB
Rust
pub(crate) mod debug_sandbox;
|
|
mod exit_status;
|
|
pub(crate) mod login;
|
|
|
|
use clap::Parser;
|
|
use codex_utils_absolute_path::AbsolutePathBuf;
|
|
use codex_utils_cli::CliConfigOverrides;
|
|
|
|
pub use debug_sandbox::run_command_under_landlock;
|
|
pub use debug_sandbox::run_command_under_seatbelt;
|
|
pub use debug_sandbox::run_command_under_windows;
|
|
pub use login::read_api_key_from_stdin;
|
|
pub use login::run_login_status;
|
|
pub use login::run_login_with_api_key;
|
|
pub use login::run_login_with_chatgpt;
|
|
pub use login::run_login_with_device_code;
|
|
pub use login::run_login_with_device_code_fallback_to_browser;
|
|
pub use login::run_logout;
|
|
|
|
#[derive(Debug, Parser)]
|
|
pub struct SeatbeltCommand {
|
|
/// Convenience alias for low-friction sandboxed automatic execution (network-disabled sandbox that can write to cwd and TMPDIR)
|
|
#[arg(long = "full-auto", default_value_t = false)]
|
|
pub full_auto: bool,
|
|
|
|
/// Allow the sandboxed command to bind/connect AF_UNIX sockets rooted at this path. Relative paths are resolved against the current directory. Repeat to allow multiple paths.
|
|
#[arg(long = "allow-unix-socket", value_parser = parse_allow_unix_socket_path)]
|
|
pub allow_unix_sockets: Vec<AbsolutePathBuf>,
|
|
|
|
/// While the command runs, capture macOS sandbox denials via `log stream` and print them after exit
|
|
#[arg(long = "log-denials", default_value_t = false)]
|
|
pub log_denials: bool,
|
|
|
|
#[clap(skip)]
|
|
pub config_overrides: CliConfigOverrides,
|
|
|
|
/// Full command args to run under seatbelt.
|
|
#[arg(trailing_var_arg = true)]
|
|
pub command: Vec<String>,
|
|
}
|
|
|
|
fn parse_allow_unix_socket_path(raw: &str) -> Result<AbsolutePathBuf, String> {
|
|
AbsolutePathBuf::relative_to_current_dir(raw)
|
|
.map_err(|err| format!("invalid path {raw}: {err}"))
|
|
}
|
|
|
|
#[derive(Debug, Parser)]
|
|
pub struct LandlockCommand {
|
|
/// Convenience alias for low-friction sandboxed automatic execution (network-disabled sandbox that can write to cwd and TMPDIR)
|
|
#[arg(long = "full-auto", default_value_t = false)]
|
|
pub full_auto: bool,
|
|
|
|
#[clap(skip)]
|
|
pub config_overrides: CliConfigOverrides,
|
|
|
|
/// Full command args to run under the Linux sandbox.
|
|
#[arg(trailing_var_arg = true)]
|
|
pub command: Vec<String>,
|
|
}
|
|
|
|
#[derive(Debug, Parser)]
|
|
pub struct WindowsCommand {
|
|
/// Convenience alias for low-friction sandboxed automatic execution (network-disabled sandbox that can write to cwd and TMPDIR)
|
|
#[arg(long = "full-auto", default_value_t = false)]
|
|
pub full_auto: bool,
|
|
|
|
#[clap(skip)]
|
|
pub config_overrides: CliConfigOverrides,
|
|
|
|
/// Full command args to run under Windows restricted token sandbox.
|
|
#[arg(trailing_var_arg = true)]
|
|
pub command: Vec<String>,
|
|
}
|