fix: ensure cwd for conversation and sandbox are separate concerns (#3874)

Previous to this PR, both of these functions take a single `cwd`:


71038381aa/codex-rs/core/src/seatbelt.rs (L19-L25)


71038381aa/codex-rs/core/src/landlock.rs (L16-L23)

whereas `cwd` and `sandbox_cwd` should be set independently (fixed in
this PR).

Added `sandbox_distinguishes_command_and_policy_cwds()` to
`codex-rs/exec/tests/suite/sandbox.rs` to verify this.
This commit is contained in:
Michael Bolin
2025-09-18 14:37:06 -07:00
committed by GitHub
parent 62258df92f
commit 8595237505
12 changed files with 209 additions and 36 deletions

@@ -589,12 +589,14 @@ impl CodexMessageProcessor {
let codex_linux_sandbox_exe = self.config.codex_linux_sandbox_exe.clone();
let outgoing = self.outgoing.clone();
let req_id = request_id;
let sandbox_cwd = self.config.cwd.clone();
tokio::spawn(async move {
match codex_core::exec::process_exec_tool_call(
exec_params,
sandbox_type,
&effective_policy,
sandbox_cwd.as_path(),
&codex_linux_sandbox_exe,
None,
)
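
Review bot: the added `let sandbox_cwd = self.config.cwd.clone();` has no comment explaining why the sandbox policy is resolved against the config's `cwd` rather than any working directory carried in `exec_params`, which is the distinction this commit sets out to make. A one-line comment above it would make it harder for a later refactor to collapse the two back into one value. Because `sandbox_cwd.as_path()` is passed positionally between `&effective_policy` and `&codex_linux_sandbox_exe`, it is also worth confirming that this call site, and not only the exec suite named in the commit message, is exercised with different directories for the command and the policy.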