codex/codex-rs/exec-server/src/runtime_paths.rs
starr-openai d626dc3895 Run exec-server fs operations through sandbox helper (#17294)
## Summary
- run exec-server filesystem RPCs requiring sandboxing through a
`codex-fs` arg0 helper over stdin/stdout
- keep direct local filesystem execution for `DangerFullAccess` and
external sandbox policies
- remove the standalone exec-server binary path in favor of top-level
arg0 dispatch/runtime paths
- add sandbox escape regression coverage for local and remote filesystem
paths

## Validation
- `just fmt`
- `git diff --check`
- remote devbox: `cd codex-rs && bazel test --bes_backend=
--bes_results_url= //codex-rs/exec-server:all` (6/6 passed)

---------

Co-authored-by: Codex <noreply@openai.com>
2026-04-12 18:36:03 -07:00


use std::path::PathBuf;
use codex_utils_absolute_path::AbsolutePathBuf;
/// Executable locations that exec-server hands to the child processes it starts.
///
/// NOTE(review): both fields use `AbsolutePathBuf`, which presumably keeps helper
/// launches independent of the working directory and of `PATH` lookup — confirm
/// against that type. Nothing in this struct checks that a path exists or points
/// at the expected binary, so the values should come from a trusted source.
#[derive(Clone, Debug, Eq, PartialEq)]
pub struct ExecServerRuntimePaths {
    /// Stable location of the Codex executable; hidden helper modes are launched
    /// through it.
    pub codex_self_exe: AbsolutePathBuf,
    /// Location of the Linux sandbox helper alias, used when the platform sandbox
    /// has to re-enter Codex by argv0. `None` when no alias was supplied.
    pub codex_linux_sandbox_exe: Option<AbsolutePathBuf>,
}
impl ExecServerRuntimePaths {
    /// Builds the runtime paths when the Codex executable path itself may be unset.
    ///
    /// # Errors
    ///
    /// Returns an `InvalidInput` error when `codex_self_exe` is `None`, and
    /// forwards any error produced by [`Self::new`].
    pub fn from_optional_paths(
        codex_self_exe: Option<PathBuf>,
        codex_linux_sandbox_exe: Option<PathBuf>,
    ) -> std::io::Result<Self> {
        // A missing self-executable path is an error rather than a default:
        // no fallback location is substituted here.
        match codex_self_exe {
            Some(self_exe) => Self::new(self_exe, codex_linux_sandbox_exe),
            None => Err(std::io::Error::new(
                std::io::ErrorKind::InvalidInput,
                "Codex executable path is not configured",
            )),
        }
    }

    /// Builds the runtime paths from a required executable path and an optional
    /// Linux sandbox helper path, converting each through `absolute_path`.
    ///
    /// # Errors
    ///
    /// Returns an `InvalidInput` error when either supplied path fails the
    /// conversion. The executable path is converted first, so its error wins
    /// when both are rejected.
    pub fn new(
        codex_self_exe: PathBuf,
        codex_linux_sandbox_exe: Option<PathBuf>,
    ) -> std::io::Result<Self> {
        let self_exe = absolute_path(codex_self_exe)?;
        // An absent sandbox helper stays `None`; a present one must convert.
        let sandbox_exe = match codex_linux_sandbox_exe {
            Some(helper) => Some(absolute_path(helper)?),
            None => None,
        };
        Ok(Self {
            codex_self_exe: self_exe,
            codex_linux_sandbox_exe: sandbox_exe,
        })
    }
}
/// Converts `path` into an `AbsolutePathBuf`, reporting a rejected path as an
/// `std::io::Error` of kind `InvalidInput` that wraps the underlying error.
///
/// NOTE(review): what `from_absolute_path` rejects, and whether it normalizes or
/// touches the filesystem, is not visible in this file — confirm against
/// `codex_utils_absolute_path`.
fn absolute_path(path: PathBuf) -> std::io::Result<AbsolutePathBuf> {
    match AbsolutePathBuf::from_absolute_path(path.as_path()) {
        Ok(absolute) => Ok(absolute),
        Err(err) => Err(std::io::Error::new(
            std::io::ErrorKind::InvalidInput,
            err,
        )),
    }
}