mirror of https://github.com/openai/codex.git synced 2026-04-27 08:05:51 +00:00

Files

viyatb-oai ae4de43ccc feat(linux-sandbox): add bwrap support (#9938 )

## Summary
This PR introduces a gated Bubblewrap (bwrap) Linux sandbox path. The
curent Linux sandbox path relies on in-process restrictions (including
Landlock). Bubblewrap gives us a more uniform filesystem isolation
model, especially explicit writable roots with the option to make some
directories read-only and granular network controls.

This is behind a feature flag so we can validate behavior safely before
making it the default.

- Added temporary rollout flag:
  - `features.use_linux_sandbox_bwrap`
- Preserved existing default path when the flag is off.
- In Bubblewrap mode:
- Added internal retry without /proc when /proc mount is not permitted
by the host/container.

2026-02-04 11:13:17 -08:00

src

feat(linux-sandbox): add bwrap support (#9938 )

2026-02-04 11:13:17 -08:00

templates

Improve Default mode prompt (less confusion with Plan mode) (#10545 )

2026-02-03 12:08:38 -08:00

tests

feat(linux-sandbox): add bwrap support (#9938 )

2026-02-04 11:13:17 -08:00

BUILD.bazel

merge remote models (#9547 )

2026-01-20 14:02:07 -08:00

build.rs

fix: System skills marker includes nested folders recursively (#10350 )

2026-02-01 18:17:32 -08:00

Cargo.toml

feat: add APIs to list and download public remote skills (#10448 )

2026-02-03 14:09:37 -08:00

config.schema.json

feat(linux-sandbox): add bwrap support (#9938 )

2026-02-04 11:13:17 -08:00

gpt_5_1_prompt.md

Assemble sandbox/approval/network prompts dynamically (#8961 )

2026-01-12 23:12:59 +00:00

gpt_5_2_prompt.md

Assemble sandbox/approval/network prompts dynamically (#8961 )

2026-01-12 23:12:59 +00:00

gpt_5_codex_prompt.md

Assemble sandbox/approval/network prompts dynamically (#8961 )

2026-01-12 23:12:59 +00:00

gpt-5.1-codex-max_prompt.md

Assemble sandbox/approval/network prompts dynamically (#8961 )

2026-01-12 23:12:59 +00:00

gpt-5.2-codex_prompt.md

Assemble sandbox/approval/network prompts dynamically (#8961 )

2026-01-12 23:12:59 +00:00

hierarchical_agents_message.md

Add hierarchical agent prompt (#8996 )

2026-01-09 13:47:37 -08:00

models.json

Update models.json (#9726 )

2026-01-23 00:44:47 +00:00

prompt_with_apply_patch_instructions.md

Assemble sandbox/approval/network prompts dynamically (#8961 )

2026-01-12 23:12:59 +00:00

prompt.md

Assemble sandbox/approval/network prompts dynamically (#8961 )

2026-01-12 23:12:59 +00:00

README.md

feat: add support for read-only bind mounts in the linux sandbox (#9112 )

2026-01-14 08:30:46 -08:00

review_prompt.md

docs: Fix markdown list item spacing in codex-rs/core/review_prompt.md (#4144 )

2025-10-30 17:39:21 -07:00

README.md

codex-core

This crate implements the business logic for Codex. It is designed to be used by the various Codex UIs written in Rust.

Dependencies

Note that codex-core makes some assumptions about certain helper utilities being available in the environment. Currently, this support matrix is:

macOS

Expects /usr/bin/sandbox-exec to be present.

When using the workspace-write sandbox policy, the Seatbelt profile allows writes under the configured writable roots while keeping .git (directory or pointer file), the resolved gitdir: target, and .codex read-only.

Linux

Expects the binary containing codex-core to run the equivalent of codex sandbox linux (legacy alias: codex debug landlock) when arg0 is codex-linux-sandbox. See the codex-arg0 crate for details.

All Platforms

Expects the binary containing codex-core to simulate the virtual apply_patch CLI when arg1 is --codex-run-as-apply-patch. See the codex-arg0 crate for details.