mirror of https://github.com/openai/codex.git synced 2026-05-04 13:21:54 +03:00

Files

viyatb-oai f956cc2a02 feat(linux-sandbox): vendor bubblewrap and wire it with FFI (#10413 )

## Summary

Vendor Bubblewrap into the repo and add minimal build plumbing in
`codex-linux-sandbox` to compile/link it.

## Why

We want to move Linux sandboxing toward Bubblewrap, but in a safe
two-step rollout:
1) vendoring/build setup (this PR),  
2) runtime integration (follow-up PR).

## Included

- Add `codex-rs/vendor/bubblewrap` sources.
- Add build-time FFI path in `codex-rs/linux-sandbox`.
- Update `build.rs` rerun tracking for vendored files.
- Small vendored compile warning fix (`sockaddr_nl` full init).

follow up in https://github.com/openai/codex/pull/9938

2026-02-02 23:33:46 -08:00

src

feat(linux-sandbox): vendor bubblewrap and wire it with FFI (#10413 )

2026-02-02 23:33:46 -08:00

tests

remove sandbox globals. (#9797 )

2026-01-27 11:04:23 -08:00

BUILD.bazel

feat: add support for building with Bazel (#8875 )

2026-01-09 11:09:43 -08:00

build.rs

feat(linux-sandbox): vendor bubblewrap and wire it with FFI (#10413 )

2026-02-02 23:33:46 -08:00

Cargo.toml

feat(linux-sandbox): vendor bubblewrap and wire it with FFI (#10413 )

2026-02-02 23:33:46 -08:00

README.md

revert: remove pre-Landlock bind mounts apply (#9300 )

2026-01-15 09:47:57 -08:00

README.md

codex-linux-sandbox

This crate is responsible for producing:

a codex-linux-sandbox standalone executable for Linux that is bundled with the Node.js version of the Codex CLI
a lib crate that exposes the business logic of the executable as run_main() so that
- the codex-exec CLI can check if its arg0 is codex-linux-sandbox and, if so, execute as if it were codex-linux-sandbox
- this should also be true of the codex multitool CLI