llmx/codex-cli/scripts/run_in_container.sh

71 lines
2.1 KiB
Bash

#!/bin/bash
set -e

# Usage:
#   ./run_in_container.sh [--work_dir directory] "COMMAND"
#
# Examples:
#   ./run_in_container.sh --work_dir project/code "ls -la"
#   ./run_in_container.sh "echo Hello, world!"

# Default the work directory to WORKSPACE_ROOT_DIR if not provided.
WORK_DIR="${WORKSPACE_ROOT_DIR:-$(pwd)}"

# Parse optional flag.
if [ "$1" = "--work_dir" ]; then
  if [ -z "$2" ]; then
    echo "Error: --work_dir flag provided but no directory specified."
    exit 1
  fi
  WORK_DIR="$2"
  shift 2
fi

WORK_DIR=$(realpath "$WORK_DIR")

# Generate a unique container name based on the normalized work directory
CONTAINER_NAME="codex_$(echo "$WORK_DIR" | sed 's/\//_/g' | sed 's/[^a-zA-Z0-9_-]//g')"

# Define cleanup to remove the container on script exit, ensuring no leftover containers
cleanup() {
  docker rm -f "$CONTAINER_NAME" >/dev/null 2>&1 || true
}

# Trap EXIT to invoke cleanup regardless of how the script terminates
trap cleanup EXIT

# Ensure a command is provided.
if [ "$#" -eq 0 ]; then
  echo "Usage: $0 [--work_dir directory] \"COMMAND\""
  exit 1
fi

# Check if WORK_DIR is set.
if [ -z "$WORK_DIR" ]; then
  echo "Error: No work directory provided and WORKSPACE_ROOT_DIR is not set."
  exit 1
fi

# Kill any existing container for the working directory using cleanup(), centralizing removal logic.
cleanup

# Run the container with the specified directory mounted at the same path inside the container.
docker run --name "$CONTAINER_NAME" -d \
  -e OPENAI_API_KEY \
  --cap-add=NET_ADMIN \
  --cap-add=NET_RAW \
  -v "$WORK_DIR:/app$WORK_DIR" \
  codex \
  sleep infinity

fix: do not grant "node" user sudo access when using run_in_container.sh (#627)

This exploration came out of my review of https://github.com/openai/codex/pull/414.

`run_in_container.sh` runs Codex in a Docker container like so:

https://github.com/openai/codex/blob/bd1c3deed9f4f103e755baa3f3a45e7a1c1a134b/codex-cli/scripts/run_in_container.sh#L51-L58

But then runs `init_firewall.sh` to set up the firewall to restrict network access.

Previously, we did this by adding `/usr/local/bin/init_firewall.sh` to the container and adding a special rule in `/etc/sudoers.d` so the unprivileged user (`node`) could run the privileged `init_firewall.sh` script to open up the firewall for `api.openai.com`:

https://github.com/openai/codex/blob/31d0d7a305305ad557035a2edcab60b6be5018d8/codex-cli/Dockerfile#L51-L56

Though I believe this is unnecessary, as we can use `docker exec --user root` from _outside_ the container to run `/usr/local/bin/init_firewall.sh` as `root` without adding a special case in `/etc/sudoers.d`.

This appears to work as expected, as I tested it by doing the following:

```
./codex-cli/scripts/build_container.sh
./codex-cli/scripts/run_in_container.sh 'what is the output of `curl https://www.openai.com`'
```

This was a bit funny because in some of my runs, Codex wasn't convinced it had network access, so I had to convince it to try the `curl` request:

![image](https://github.com/user-attachments/assets/80bd487c-74e2-4cd3-aa0f-26a6edd8d3f7)

As you can see, when it ran `curl -s https\://www.openai.com`, it got a connection failure, so the network policy appears to be working as intended.

Note this PR also removes `sudo` from the `apt-get install` list in the `Dockerfile`.
2025-04-24 14:25:02 -07:00

# Initialize the firewall inside the container with root privileges.
docker exec --user root "$CONTAINER_NAME" /usr/local/bin/init_firewall.sh

# Execute the provided command in the container, ensuring it runs in the work directory.
# The arguments and the directory are each shell-quoted with printf '%q' before they are
# spliced into the bash -c string, so the inner shell does not re-interpret quotes, `$`
# or backticks that appear in them.
quoted_args=""
for arg in "$@"; do
  quoted_args+=" $(printf '%q' "$arg")"
done
quoted_dir=$(printf '%q' "/app$WORK_DIR")
docker exec -it "$CONTAINER_NAME" bash -c "cd ${quoted_dir} && codex --full-auto ${quoted_args}"
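
The final `docker exec` hands a single string to `bash -c`, so everything spliced into that string is parsed a second time by the shell inside the container. The added example below (not code from the repository) replays that second parse locally, comparing a directory placed between escaped double quotes with one quoted like the arguments. `sq`, `naive_inner`, `safe_inner` and `replay` are hypothetical helper names, `sq` is a POSIX stand-in for bash's `printf '%q'`, and the directory name is constructed sample input.

```sh
#!/bin/sh
# Added example, not from the repository. sq() is a POSIX stand-in for bash's printf '%q'.

# sq STRING: single-quote STRING so a shell that re-parses it sees the same bytes.
sq() {
    _s=$1 _out=
    while :; do
        case $_s in
            *\'*) _head=${_s%%\'*}; _s=${_s#*\'}; _out="$_out$_head'\\''" ;;
            *)    _out="$_out$_s"; break ;;
        esac
    done
    printf "'%s'" "$_out"
}

# naive_inner DIR ARG...: directory spliced between escaped double quotes.
naive_inner() {
    _dir=$1; shift
    _cmd="cd \"/app$_dir\" && codex --full-auto"
    for _a in "$@"; do _cmd="$_cmd $(sq "$_a")"; done
    printf '%s' "$_cmd"
}

# safe_inner DIR ARG...: directory quoted the same way as the arguments.
safe_inner() {
    _dir=$1; shift
    _cmd="cd $(sq "/app$_dir") && codex --full-auto"
    for _a in "$@"; do _cmd="$_cmd $(sq "$_a")"; done
    printf '%s' "$_cmd"
}

# replay INNER: parse INNER as the container's bash -c would, with cd and codex
# replaced by stubs that only print what they were given (nothing runs in Docker).
replay() (
    cd() { printf 'dir=%s\n' "$1"; }
    codex() { shift; for _x in "$@"; do printf 'arg=%s\n' "$_x"; done; }
    eval "$1"
)

# Constructed sample input: a directory name with spaces, quotes and a substitution.
SAMPLE_DIR='/tmp/my "proj" $(echo INJECTED)'
echo "naive:"; replay "$(naive_inner "$SAMPLE_DIR" "it's a prompt")"
echo "safe:";  replay "$(safe_inner  "$SAMPLE_DIR" "it's a prompt")"
```

In the naive form the inner shell drops the embedded double quotes and evaluates the `$(...)`, so `cd` receives a different path from the one mounted with `-v`; in the quoted form the path arrives byte for byte.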