viyatb-oai 9cbef243b5 fix(linux-sandbox): isolate Linux sandbox synthetic mount registry per user for shared codex use case (#21234) ...

## Summary
- make the Linux sandbox synthetic mount registry path unique per
effective UID
- keep same-user coordination intact while avoiding collisions between
users sharing `/tmp`
- add a regression test for the registry path contract

## Why
Issue #21192 reports that the Linux sandbox currently uses one global
temp path at `/tmp/codex-bwrap-synthetic-mount-targets`. If another user
creates that directory first, later users can fail to open the shared
lock file with `Permission denied`.

## Validation
- `just fmt`
- `cargo test -p codex-linux-sandbox`
- `cargo clippy -p codex-linux-sandbox --all-targets`

Fixes #21192

2026-05-05 20:43:37 +00:00

..

bwrap.rs

Enforce workspace metadata protections in Linux sandbox (#19852)

2026-04-29 16:14:14 -07:00

landlock.rs

linux-sandbox: switch helper plumbing to PermissionProfile (#20106)

2026-04-28 19:43:44 -07:00

launcher.rs

fix(linux-sandbox): fall back when system bwrap lacks perms (#20628)

2026-05-04 10:38:31 -07:00

lib.rs

fix(linux-sandbox): prefer system /usr/bin/bwrap when available (#14963)

2026-03-17 23:05:34 +00:00

linux_run_main_tests.rs

fix(linux-sandbox): isolate Linux sandbox synthetic mount registry per user for shared codex use case (#21234)

2026-05-05 20:43:37 +00:00

linux_run_main.rs

fix(linux-sandbox): isolate Linux sandbox synthetic mount registry per user for shared codex use case (#21234)

2026-05-05 20:43:37 +00:00

main.rs

fix: overhaul how we spawn commands under seccomp/landlock on Linux (#1086)

2025-05-23 11:37:07 -07:00

proxy_routing.rs

fix(network-proxy): harden linux proxy bridge helpers (#20001)

2026-04-28 11:52:50 -07:00

vendored_bwrap.rs

fix(linux-sandbox): prefer system /usr/bin/bwrap when available (#14963)

2026-03-17 23:05:34 +00:00