fix(network-proxy): add unix socket allow-all and update seatbelt rules (#11368)

## Summary Adds support for a Unix socket escape hatch so we can bypass socket allowlisting when explicitly enabled. ## Description * added a new flag, `network.dangerously_allow_all_unix_sockets` as an explicit escape hatch * In codex-network-proxy, enabling that flag now allows any absolute Unix socket path from x-unix-socket instead of requiring each path to be explicitly allowlisted. Relative paths are still rejected. * updated the macOS seatbelt path in core so it enforces the same Unix socket behavior: * allowlisted sockets generate explicit network* subpath rules * allow-all generates a broad network* (subpath "/") rule --------- Co-authored-by: Codex <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>
2026-04-29 19:03:02 +03:00 · 2026-02-20 10:56:57 -08:00
parent 73fd939296
commit 28c0089060
19 changed files with 553 additions and 18 deletions
--- a/codex-rs/config/src/config_requirements.rs
+++ b/codex-rs/config/src/config_requirements.rs
@@ -135,6 +135,7 @@ pub struct NetworkRequirementsToml {
    pub allow_upstream_proxy: Option<bool>,
    pub dangerously_allow_non_loopback_proxy: Option<bool>,
    pub dangerously_allow_non_loopback_admin: Option<bool>,
+    pub dangerously_allow_all_unix_sockets: Option<bool>,
    pub allowed_domains: Option<Vec<String>>,
    pub denied_domains: Option<Vec<String>>,
    pub allow_unix_sockets: Option<Vec<String>>,
@@ -150,6 +151,7 @@ pub struct NetworkConstraints {
    pub allow_upstream_proxy: Option<bool>,
    pub dangerously_allow_non_loopback_proxy: Option<bool>,
    pub dangerously_allow_non_loopback_admin: Option<bool>,
+    pub dangerously_allow_all_unix_sockets: Option<bool>,
    pub allowed_domains: Option<Vec<String>>,
    pub denied_domains: Option<Vec<String>>,
    pub allow_unix_sockets: Option<Vec<String>>,
@@ -165,6 +167,7 @@ impl From<NetworkRequirementsToml> for NetworkConstraints {
            allow_upstream_proxy,
            dangerously_allow_non_loopback_proxy,
            dangerously_allow_non_loopback_admin,
+            dangerously_allow_all_unix_sockets,
            allowed_domains,
            denied_domains,
            allow_unix_sockets,
@@ -177,6 +180,7 @@ impl From<NetworkRequirementsToml> for NetworkConstraints {
            allow_upstream_proxy,
            dangerously_allow_non_loopback_proxy,
            dangerously_allow_non_loopback_admin,
+            dangerously_allow_all_unix_sockets,
            allowed_domains,
            denied_domains,
            allow_unix_sockets,
@@ -1040,6 +1044,7 @@ mod tests {
            [experimental_network]
            enabled = true
            allow_upstream_proxy = false
+            dangerously_allow_all_unix_sockets = true
            allowed_domains = ["api.example.com", "*.openai.com"]
            denied_domains = ["blocked.example.com"]
            allow_unix_sockets = ["/tmp/example.sock"]
@@ -1058,6 +1063,10 @@ mod tests {
        assert_eq!(sourced_network.source, source);
        assert_eq!(sourced_network.value.enabled, Some(true));
        assert_eq!(sourced_network.value.allow_upstream_proxy, Some(false));
+        assert_eq!(
+            sourced_network.value.dangerously_allow_all_unix_sockets,
+            Some(true)
+        );
        assert_eq!(
            sourced_network.value.allowed_domains.as_ref(),
            Some(&vec![