llmx/codex-rs/linux-sandbox/Cargo.toml

33 lines
609 B
TOML

fix: overhaul how we spawn commands under seccomp/landlock on Linux (#1086)

Historically, we spawned the Seatbelt and Landlock sandboxes in substantially different ways:

For **Seatbelt**, we would run `/usr/bin/sandbox-exec` with our policy specified as an arg followed by the original command:

https://github.com/openai/codex/blob/d1de7bb383552e8fadd94be79d65d188e00fd562/codex-rs/core/src/exec.rs#L147-L219

For **Landlock/Seccomp**, we would do `tokio::runtime::Builder::new_current_thread()`, _invoke Landlock/Seccomp APIs to modify the permissions of that new thread_, and then spawn the command:

https://github.com/openai/codex/blob/d1de7bb383552e8fadd94be79d65d188e00fd562/codex-rs/core/src/exec_linux.rs#L28-L49

While it is neat that Landlock/Seccomp supports applying a policy to only one thread without having to apply it to the entire process, it requires us to maintain two different codepaths and is a bit harder to reason about. The tipping point was https://github.com/openai/codex/pull/1061, in which we had to start building up the `env` in an unexpected way for the existing Landlock/Seccomp approach to continue to work.

This PR overhauls things so that we do similar things for Mac and Linux. It turned out that we were already building our own "helper binary" comparable to Mac's `sandbox-exec` as part of the `cli` crate:

https://github.com/openai/codex/blob/d1de7bb383552e8fadd94be79d65d188e00fd562/codex-rs/cli/Cargo.toml#L10-L12

We originally created this to build a small binary to include with the Node.js version of the Codex CLI to provide support for Linux sandboxing.

Though the sticky bit is that, at this point, we still want to deploy the Rust version of Codex as a single, standalone binary rather than a CLI and a supporting sandboxing binary. To satisfy this goal, we use "the arg0 trick," in which we:

* use `std::env::current_exe()` to get the path to the CLI that is currently running
* use the CLI as the `program` for the `Command`
* set `"codex-linux-sandbox"` as arg0 for the `Command`

A CLI that supports sandboxing should check arg0 at the start of the program. If it is `"codex-linux-sandbox"`, it must invoke `codex_linux_sandbox::run_main()`, which runs the CLI as if it were `codex-linux-sandbox`. When acting as `codex-linux-sandbox`, we make the appropriate Landlock/Seccomp API calls and then use `execvp(3)` to spawn the original command, so we do _replace_ the process rather than spawn a subprocess. Incidentally, we do this before starting the Tokio runtime, so the process should only have one thread when `execvp(3)` is called.

Because the `core` crate that needs to spawn the Linux sandboxing is not a CLI in its own right, this means that every CLI that includes `core` and relies on this behavior has to (1) implement it and (2) provide the path to the sandboxing executable. While the path is almost always `std::env::current_exe()`, we needed to make this configurable for integration tests, so `Config` now has a `codex_linux_sandbox_exe: Option<PathBuf>` property to facilitate threading this through, introduced in https://github.com/openai/codex/pull/1089.

This common pattern is now captured in `codex_linux_sandbox::run_with_sandbox()` and all of the `main.rs` functions that should use it have been updated as part of this PR.

The `codex-linux-sandbox` crate added to the Cargo workspace as part of this PR now has the bulk of the Landlock/Seccomp logic, which makes `core` a bit simpler. Indeed, `core/src/exec_linux.rs` and `core/src/landlock.rs` were removed/ported as part of this PR. I also moved the unit tests for this code into an integration test, `linux-sandbox/tests/landlock.rs`, in which I use `env!("CARGO_BIN_EXE_codex-linux-sandbox")` as the value for `codex_linux_sandbox_exe` since `std::env::current_exe()` is not appropriate in that case.
2025-05-23 11:37:07 -07:00
[package]
edition = "2024"
name = "codex-linux-sandbox"
version = { workspace = true }
[[bin]]
name = "codex-linux-sandbox"
path = "src/main.rs"
[lib]
name = "codex_linux_sandbox"
path = "src/lib.rs"
[lints]
workspace = true
[target.'cfg(target_os = "linux")'.dependencies]
clap = { version = "4", features = ["derive"] }
codex-core = { path = "../core" }
landlock = "0.4.1"
chore(deps): bump libc from 0.2.174 to 0.2.175 in /codex-rs (#2406)

Bumps [libc](https://github.com/rust-lang/libc) from 0.2.174 to 0.2.175.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-18 16:17:29 -07:00
libc = "0.2.175"
seccompiler = "0.5.0"
[target.'cfg(target_os = "linux")'.dev-dependencies]
tempfile = "3"
tokio = { version = "1", features = [
    "io-std",
    "macros",
    "process",
    "rt-multi-thread",
    "signal",
] }
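
The "arg0 trick" described in the commit message above, as an added standard-library sketch that is not the project's code: one binary re-runs itself under the helper name and dispatches on `argv[0]` before doing anything else. `Role`, `role_for_arg0` and `sandbox_command` are hypothetical names, matching on the file name of `argv[0]` is an assumption, and the Landlock/seccomp step is only marked by a comment.

```rust
use std::ffi::OsStr;
use std::os::unix::process::CommandExt; // arg0() and exec(), Unix only
use std::path::Path;
use std::process::{exit, Command};

const SANDBOX_ARG0: &str = "codex-linux-sandbox";

#[derive(Debug, PartialEq)]
enum Role {
    Sandbox,
    Cli,
}

// Choose the role from argv[0]. Matching on the file name (so a full path also
// works) is an assumption of this sketch. argv[0] is chosen by whoever spawns
// the process, so it should only ever select a mode that reduces privileges.
fn role_for_arg0(arg0: &OsStr) -> Role {
    match Path::new(arg0).file_name().and_then(OsStr::to_str) {
        Some(SANDBOX_ARG0) => Role::Sandbox,
        _ => Role::Cli,
    }
}

// Parent side: run `exe` (normally current_exe()) under the helper's name,
// with the original command as its arguments.
fn sandbox_command(exe: &Path, original: &[&str]) -> Command {
    let mut cmd = Command::new(exe);
    cmd.arg0(SANDBOX_ARG0).args(original);
    cmd
}

fn main() {
    let mut argv = std::env::args_os();
    let arg0 = argv.next().unwrap_or_default();
    if role_for_arg0(&arg0) == Role::Sandbox {
        // The real helper applies Landlock/seccomp at this point; this sketch
        // applies no policy. exec() replaces the process and returns only on error.
        let Some(program) = argv.next() else { exit(2) };
        let err = Command::new(program).args(argv).exec();
        eprintln!("exec failed: {err}");
        exit(127);
    }
    let exe = std::env::current_exe().expect("current_exe");
    let status = sandbox_command(&exe, &["echo", "ran via arg0 re-exec"])
        .status()
        .expect("spawn helper");
    exit(status.code().unwrap_or(1));
}
```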