mirrors/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-04-28 02:11:08 +03:00
Code Issues Packages Projects Releases Wiki Activity

Allow GPU access inside of landlock sandbox

Browse Source 
This addresses #3141
This commit is contained in:
Eric Traut
2025-12-13 22:44:37 -08:00
parent a2c86e5d88
commit 730387fb6d
1 changed files with 35 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
codex-rs/linux-sandbox/src/landlock.rs
View File

@@ -1,5 +1,7 @@
use std::collections::BTreeMap;
use std::fs;
use std::path::Path;
use std::path::PathBuf;
use codex_core::error::CodexErr;
use codex_core::error::Result;
@@ -62,6 +64,7 @@ fn install_filesystem_landlock_rules_on_current_thread(
let abi = ABI::V5;
let access_rw = AccessFs::from_all(abi);
let access_ro = AccessFs::from_read(abi);
let gpu_device_paths = gpu_device_paths();
let mut ruleset = Ruleset::default()
.set_compatibility(CompatLevel::BestEffort)
@@ -71,6 +74,10 @@ fn install_filesystem_landlock_rules_on_current_thread(
.add_rules(landlock::path_beneath_rules(&["/dev/null"], access_rw))?
.set_no_new_privs(true);
if !gpu_device_paths.is_empty() {
ruleset = ruleset.add_rules(landlock::path_beneath_rules(&gpu_device_paths, access_rw))?;
}
if !writable_roots.is_empty() {
ruleset = ruleset.add_rules(landlock::path_beneath_rules(&writable_roots, access_rw))?;
}
@@ -84,6 +91,34 @@ fn install_filesystem_landlock_rules_on_current_thread(
Ok(())
}
fn gpu_device_paths() -> Vec<PathBuf> {
let mut paths = Vec::new();
let drm_path = Path::new("/dev/dri");
if drm_path.exists() {
paths.push(drm_path.to_path_buf());
}
let amd_kfd_path = Path::new("/dev/kfd");
if amd_kfd_path.exists() {
paths.push(amd_kfd_path.to_path_buf());
}
if let Ok(entries) = fs::read_dir("/dev") {
paths.extend(entries.flatten().filter_map(|entry| {
let file_name = entry.file_name();
let name = file_name.to_str()?;
if name.starts_with("nvidia") {
Some(entry.path())
} else {
None
}
}));
}
paths
}
/// Installs a seccomp filter that blocks outbound network access except for
/// AF_UNIX domain sockets.
fn install_network_seccomp_filter_on_current_thread() -> std::result::Result<(), SandboxErr> {