Revert "fix: canonicalize the writeable paths used in seatbelt policy… (#370)

This reverts commit 3356ac0aef. related #330
2025-04-18 19:11:34 -04:00
parent 8e2e77fafb
commit 9a046dfcaa
1 changed files with 1 additions and 4 deletions
--- a/codex-cli/src/utils/agent/sandbox/macos-seatbelt.ts
+++ b/codex-cli/src/utils/agent/sandbox/macos-seatbelt.ts
@@ -3,7 +3,6 @@ import type { SpawnOptions } from "child_process";

 import { exec } from "./raw-exec.js";
 import { log } from "../log.js";
-import { realpathSync } from "fs";
 import { CONFIG_DIR } from "src/utils/config.js";

 function getCommonRoots() {
@@ -30,9 +29,7 @@ export function execWithSeatbelt(
    const { policies, params } = writableRoots
      .map((root, index) => ({
        policy: `(subpath (param "WRITABLE_ROOT_${index}"))`,
-        // the kernel resolves symlinks before handing them to seatbelt for checking
-        // so store the canonicalized form in the policy to be compared against
-        param: `-DWRITABLE_ROOT_${index}=${realpathSync(root)}`,
+        param: `-DWRITABLE_ROOT_${index}=${root}`,
      }))
      .reduce(
        (