mirror of
https://github.com/openai/codex.git
synced 2026-03-05 21:45:28 +03:00
b3202cbd58
## Summary - Implement Linux proxy-only routing in `codex-rs/linux-sandbox` with a two-stage bridge: host namespace `loopback TCP proxy endpoint -> UDS`, then bwrap netns `loopback TCP listener -> host UDS`. - Add hidden `--proxy-route-spec` plumbing for outer-to-inner stage handoff. - Fail closed in proxy mode when no valid loopback proxy endpoints can be routed. - Introduce explicit network seccomp modes: `Restricted` (legacy restricted networking) and `ProxyRouted` (allow INET/INET6 for routed proxy access, deny `AF_UNIX` and `socketpair`). - Enforce that proxy bridge/routing is bwrap-only by validating `--apply-seccomp-then-exec` requires `--use-bwrap-sandbox`. - Keep landlock-only flows unchanged (no proxy bridge behavior outside bwrap). --------- Co-authored-by: Codex <199175422+chatgpt-codex-connector[bot]@users.noreply.github.com>
44 lines
987 B
TOML
44 lines
987 B
TOML
[package]
|
|
name = "codex-linux-sandbox"
|
|
version.workspace = true
|
|
edition.workspace = true
|
|
license.workspace = true
|
|
|
|
[[bin]]
|
|
name = "codex-linux-sandbox"
|
|
path = "src/main.rs"
|
|
|
|
[lib]
|
|
name = "codex_linux_sandbox"
|
|
path = "src/lib.rs"
|
|
|
|
[lints]
|
|
workspace = true
|
|
|
|
[target.'cfg(target_os = "linux")'.dependencies]
|
|
clap = { workspace = true, features = ["derive"] }
|
|
codex-core = { workspace = true }
|
|
codex-protocol = { workspace = true }
|
|
codex-utils-absolute-path = { workspace = true }
|
|
landlock = { workspace = true }
|
|
libc = { workspace = true }
|
|
seccompiler = { workspace = true }
|
|
serde = { workspace = true, features = ["derive"] }
|
|
serde_json = { workspace = true }
|
|
url = { workspace = true }
|
|
|
|
[target.'cfg(target_os = "linux")'.dev-dependencies]
|
|
pretty_assertions = { workspace = true }
|
|
tempfile = { workspace = true }
|
|
tokio = { workspace = true, features = [
|
|
"io-std",
|
|
"macros",
|
|
"process",
|
|
"rt-multi-thread",
|
|
"signal",
|
|
] }
|
|
|
|
[build-dependencies]
|
|
cc = "1"
|
|
pkg-config = "0.3"
|