mirror of
https://github.com/openai/codex.git
synced 2026-05-05 22:01:37 +03:00
40460faf2a
* In both TypeScript and Rust, we now invoke `/usr/bin/sandbox-exec` explicitly rather than whatever `sandbox-exec` happens to be on the `PATH`. * Changed `isSandboxExecAvailable` to use `access()` rather than `command -v` so that: * We only do the check once over the lifetime of the Codex process. * The check is specific to `/usr/bin/sandbox-exec`. * We now do a syscall rather than incur the overhead of spawning a process, dealing with timeouts, etc. I think there is still room for improvement here where we should move the `isSandboxExecAvailable` check earlier in the CLI, ideally right after we do arg parsing to verify that we can provide the Seatbelt sandbox if that is what the user has requested.