diff --git a/codex-rs/core/Cargo.toml b/codex-rs/core/Cargo.toml
index fc57a6131e..8e71bcdaf4 100644
--- a/codex-rs/core/Cargo.toml
+++ b/codex-rs/core/Cargo.toml
@@ -96,6 +96,9 @@ windows_appcontainer_command_ext = []
 windows_appcontainer_command_ext_raw_attribute = [
 "windows_appcontainer_command_ext",
 ]
+windows_appcontainer_raw_attribute_api = [
+ "windows_appcontainer_command_ext_raw_attribute",
+]
 
 # Build OpenSSL from source for musl builds.
 [target.x86_64-unknown-linux-musl.dependencies]
diff --git a/codex-rs/core/src/lib.rs b/codex-rs/core/src/lib.rs
index e91e2e4732..a49849159a 100644
--- a/codex-rs/core/src/lib.rs
+++ b/codex-rs/core/src/lib.rs
@@ -1,7 +1,7 @@
 //! Root of the `codex-core` library.
 
 #![cfg_attr(
- all(windows, feature = "windows_appcontainer_command_ext_raw_attribute"),
+ all(windows, feature = "windows_appcontainer_raw_attribute_api"),
 feature(windows_process_extensions_raw_attribute)
 )]
 // Prevent accidental direct writes to stdout/stderr in library code. All
diff --git a/codex-rs/core/src/windows_appcontainer.rs b/codex-rs/core/src/windows_appcontainer.rs
index 3a02295fbd..569e8cfe01 100644
--- a/codex-rs/core/src/windows_appcontainer.rs
+++ b/codex-rs/core/src/windows_appcontainer.rs
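Review bot: Nothing in the Cargo.toml feature entries of this hunk records that `windows_appcontainer_raw_attribute_api` is the nightly-only switch. After this commit it is the only feature that turns on `feature(windows_process_extensions_raw_attribute)` in `src/lib.rs`, while `windows_appcontainer_command_ext_raw_attribute` keeps a name that suggests the same thing but, as far as the diff shows, now builds without the unstable API and makes AppContainer spawns fail with `Unsupported`. I would add a comment above the new entry such as `# Nightly only: enables the unstable raw-attribute std API; without it AppContainer spawns return ErrorKind::Unsupported.` so that nobody enables the older feature alone and expects a working sandbox.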
@@ -72,6 +72,27 @@ mod imp {
 use windows::core::PCWSTR;
 use windows::core::PWSTR;
 
+ #[cfg(feature = "windows_appcontainer_raw_attribute_api")]
+ unsafe fn attach_attribute_list(
+ std_cmd: &mut std::process::Command,
+ attribute_list: LPPROC_THREAD_ATTRIBUTE_LIST,
+ ) -> io::Result<()> {
+ std_cmd.raw_attribute_list(attribute_list.0.cast());
+ Ok(())
+ }
+
+ #[cfg(not(feature = "windows_appcontainer_raw_attribute_api"))]
+ unsafe fn attach_attribute_list(
+ _std_cmd: &mut std::process::Command,
+ _attribute_list: LPPROC_THREAD_ATTRIBUTE_LIST,
+ ) -> io::Result<()> {
+ Err(io::Error::new(
+ io::ErrorKind::Unsupported,
+ "AppContainer raw attribute injection requires the \
+`windows_appcontainer_raw_attribute_api` feature, which depends on nightly Rust",
+ ))
+ }
+
 const WINDOWS_APPCONTAINER_PROFILE_NAME: &str = "codex_appcontainer";
 const WINDOWS_APPCONTAINER_PROFILE_DESC: &str = "Codex Windows AppContainer profile";
 const WINDOWS_APPCONTAINER_SANDBOX_VALUE: &str = "windows_appcontainer";
@@ -122,7 +143,10 @@ mod imp {
 unsafe {
 let std_cmd = cmd.as_std_mut();
 std_cmd.creation_flags(EXTENDED_STARTUPINFO_PRESENT.0);
- std_cmd.raw_attribute_list(attribute_list.as_mut_ptr().0.cast());
+ if let Err(err) = attach_attribute_list(std_cmd, attribute_list.as_mut_ptr()) {
+ drop(attribute_list);
+ return Err(err);
+ }
 }
 
 let child = cmd.spawn();
@@ -143,6 +167,7 @@ mod imp {
 cmd.stderr(std::process::Stdio::inherit());
 }
 }
+ Ok(())
 }
 
 fn to_wide>(s: S) -> Vec {
@@ -469,7 +494,7 @@ pub async fn spawn_command_under_windows_appcontainer(
 let _ = (command, command_cwd);
 Err(io::Error::new(
 io::ErrorKind::Unsupported,
- "AppContainer sandboxing requires the `windows_appcontainer_command_ext_raw_attribute` feature, which in turn needs a nightly compiler",
+ "AppContainer sandboxing requires the `windows_appcontainer_raw_attribute_api` feature, which depends on nightly Rust",
 ))
 }
 
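Review bot: Both `attach_attribute_list` variants in the first hunk are declared `unsafe fn` without a `# Safety` section, so the contract the caller must uphold for `attribute_list` is not written down. For the feature-enabled variant I would add `/// # Safety` followed by `/// The list behind attribute_list must stay alive and unmodified until the command has been spawned.`; this assumes the command keeps only the raw pointer, which should be confirmed against the nightly API in use. The fallback variant dereferences nothing, so a one-line comment saying it is `unsafe` only to keep the two signatures identical would help the next reader. Because the first variant is compiled only with the feature on, a nightly Windows build is the only thing that type-checks its `raw_attribute_list` call.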
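Review bot: In the second hunk the `unsafe` block now also encloses the error branch and still carries no `// SAFETY:` comment, although only the `attach_attribute_list` call needs it. The explicit `drop(attribute_list)` looks redundant if `attribute_list` is an owned local, since it is dropped on `return` anyway; `attach_attribute_list(std_cmd, attribute_list.as_mut_ptr())?;` preceded by `// SAFETY: attribute_list outlives the cmd.spawn() call below.` would say the same in two lines. Whatever form it takes, the early return has to stay ahead of `cmd.spawn()`, because spawning after a failed attach would start the child without the AppContainer attributes. The enclosing function starts and ends outside the hunk, so the lifetime statement in that comment needs checking against the full body.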
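Review bot: In the third hunk `Ok(())` becomes the tail expression of a function whose signature lies outside the hunk, and no other hunk in this commit changes a return type in this module. Please confirm that the function is declared `-> io::Result<()>` and that its callers propagate the result instead of discarding it. `mod imp` is presumably compiled only for Windows with the AppContainer features enabled, so a default CI build would not catch a mismatch here.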
diff --git a/codex-rs/core/tests/windows_appcontainer.rs b/codex-rs/core/tests/windows_appcontainer.rs
index e8d5196f03..1d1d9d4c68 100644
--- a/codex-rs/core/tests/windows_appcontainer.rs
+++ b/codex-rs/core/tests/windows_appcontainer.rs
@@ -2,6 +2,7 @@
 windows,
 feature = "windows_appcontainer_command_ext",
 feature = "windows_appcontainer_command_ext_raw_attribute",
+ feature = "windows_appcontainer_raw_attribute_api",
 ))]
 
 use codex_core::protocol::SandboxPolicy;
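Review bot: With `feature = "windows_appcontainer_raw_attribute_api"` added to the file-level `cfg`, these tests build only on nightly, and nothing covers the configuration where the two older features are on and this one is off. That is the configuration in which `attach_attribute_list` returns `io::ErrorKind::Unsupported`, and a test asserting that the spawn call yields that error instead of a running child would pin the fail-closed behaviour. It would have to live in a separate test file or under a per-item `cfg`, because the attribute that opens above this hunk disables the whole file. Going by the Cargo.toml entries in this commit, the two older `feature = ...` conditions are implied by the new one and could be dropped.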