mirrors/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-04-28 18:32:04 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
a409c34c856e39ea6b2ac8eb1af7fdf8758c481e
codex/prs/bolinfest/PR-1785.md
Daniel Edrisian d2af202db7 study last 100 days PRs
2025-09-02 15:17:45 -07:00

162 lines
6.0 KiB
Markdown
Raw Blame History

# PR #1785: chore: introduce SandboxPolicy::WorkspaceWrite::include_default_writable_roots
- URL: https://github.com/openai/codex/pull/1785
- Author: bolinfest
- Created: 2025-08-01 18:31:32 UTC
- Updated: 2025-08-01 21:16:04 UTC
- Changes: +27/-1, Files changed: 4, Commits: 1
## Description
Without this change, it is challenging to create integration tests to
verify that the folders not included in `writable_roots` in
`SandboxPolicy::WorkspaceWrite` are read-only because, by default,
`get_writable_roots_with_cwd()` includes `TMPDIR`, which is where most integration
tests do their work.
This introduces a `include_default_writable_roots` option to disable the default
includes returned by `get_writable_roots_with_cwd()`.
---
[//]: # (BEGIN SAPLING FOOTER)
Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/1785).
* #1765
* __->__ #1785
## Full Diff
```diff
diff --git a/codex-rs/common/src/sandbox_summary.rs b/codex-rs/common/src/sandbox_summary.rs
index 3d33d92836..e0e309a9d9 100644
--- a/codex-rs/common/src/sandbox_summary.rs
+++ b/codex-rs/common/src/sandbox_summary.rs
@@ -7,6 +7,7 @@ pub fn summarize_sandbox_policy(sandbox_policy: &SandboxPolicy) -> String {
SandboxPolicy::WorkspaceWrite {
writable_roots,
network_access,
+ include_default_writable_roots,
} => {
let mut summary = "workspace-write".to_string();
if !writable_roots.is_empty() {
@@ -19,6 +20,9 @@ pub fn summarize_sandbox_policy(sandbox_policy: &SandboxPolicy) -> String {
.join(", ")
));
}
+ if !*include_default_writable_roots {
+ summary.push_str(" (exact writable roots)");
+ }
if *network_access {
summary.push_str(" (network access enabled)");
}
diff --git a/codex-rs/core/src/config.rs b/codex-rs/core/src/config.rs
index a65ec09674..20bdebe789 100644
--- a/codex-rs/core/src/config.rs
+++ b/codex-rs/core/src/config.rs
@@ -350,6 +350,7 @@ impl ConfigToml {
Some(s) => SandboxPolicy::WorkspaceWrite {
writable_roots: s.writable_roots.clone(),
network_access: s.network_access,
+ include_default_writable_roots: true,
},
None => SandboxPolicy::new_workspace_write_policy(),
},
@@ -720,6 +721,7 @@ writable_roots = [
SandboxPolicy::WorkspaceWrite {
writable_roots: vec![PathBuf::from("/tmp")],
network_access: false,
+ include_default_writable_roots: true,
},
sandbox_workspace_write_cfg.derive_sandbox_policy(sandbox_mode_override)
);
diff --git a/codex-rs/core/src/protocol.rs b/codex-rs/core/src/protocol.rs
index bc922eb0e2..e333373c7b 100644
--- a/codex-rs/core/src/protocol.rs
+++ b/codex-rs/core/src/protocol.rs
@@ -175,9 +175,19 @@ pub enum SandboxPolicy {
/// default.
#[serde(default)]
network_access: bool,
+
+ /// When set to `true`, will include defaults like the current working
+ /// directory and TMPDIR (on macOS). When `false`, only `writable_roots`
+ /// are used. (Mainly used for testing.)
+ #[serde(default = "default_true")]
+ include_default_writable_roots: bool,
},
}
+fn default_true() -> bool {
+ true
+}
+
impl FromStr for SandboxPolicy {
type Err = serde_json::Error;
@@ -199,6 +209,7 @@ impl SandboxPolicy {
SandboxPolicy::WorkspaceWrite {
writable_roots: vec![],
network_access: false,
+ include_default_writable_roots: true,
}
}
@@ -230,7 +241,15 @@ impl SandboxPolicy {
match self {
SandboxPolicy::DangerFullAccess => Vec::new(),
SandboxPolicy::ReadOnly => Vec::new(),
- SandboxPolicy::WorkspaceWrite { writable_roots, .. } => {
+ SandboxPolicy::WorkspaceWrite {
+ writable_roots,
+ include_default_writable_roots,
+ ..
+ } => {
+ if !*include_default_writable_roots {
+ return writable_roots.clone();
+ }
+
let mut roots = writable_roots.clone();
roots.push(cwd.to_path_buf());
diff --git a/codex-rs/linux-sandbox/tests/landlock.rs b/codex-rs/linux-sandbox/tests/landlock.rs
index 7eacda46c1..472a54e604 100644
--- a/codex-rs/linux-sandbox/tests/landlock.rs
+++ b/codex-rs/linux-sandbox/tests/landlock.rs
@@ -49,6 +49,7 @@ async fn run_cmd(cmd: &[&str], writable_roots: &[PathBuf], timeout_ms: u64) {
let sandbox_policy = SandboxPolicy::WorkspaceWrite {
writable_roots: writable_roots.to_vec(),
network_access: false,
+ include_default_writable_roots: true,
};
let sandbox_program = env!("CARGO_BIN_EXE_codex-linux-sandbox");
let codex_linux_sandbox_exe = Some(PathBuf::from(sandbox_program));
```
## Review Comments
### codex-rs/core/src/protocol.rs
- Created: 2025-08-01 20:48:47 UTC | Link: https://github.com/openai/codex/pull/1785#discussion_r2248846220
```diff
@@ -199,6 +203,7 @@ impl SandboxPolicy {
SandboxPolicy::WorkspaceWrite {
writable_roots: vec![],
network_access: false,
+ use_exact_writable_roots: false,
```
> I usually try to name things so that it makes sense for the default value to be `false`, but I agree it reads in a strange way in this case, so I'll flip it.
>
> I think an appropriate name would be `include_default_writable_roots` because it affects both `TMPDIR` and `cwd`.
- Created: 2025-08-01 21:09:45 UTC | Link: https://github.com/openai/codex/pull/1785#discussion_r2248873827
```diff
@@ -199,6 +203,7 @@ impl SandboxPolicy {
SandboxPolicy::WorkspaceWrite {
writable_roots: vec![],
network_access: false,
+ use_exact_writable_roots: false,
```
> Flipped, though I had to add `#[serde(default = "default_true")]`.
Reference in New Issue View Git Blame Copy Permalink