From 9a046dfcaa5dcc2df8551f4c491ab2bdc2d08055 Mon Sep 17 00:00:00 2001
From: Jon Church <me@jonchurch.com>
Date: Fri, 18 Apr 2025 19:11:34 -0400
Subject: [PATCH] =?UTF-8?q?Revert=20"fix:=20canonicalize=20the=20writeable?=
 =?UTF-8?q?=20paths=20used=20in=20seatbelt=20policy=E2=80=A6=20(#370)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This reverts commit 3356ac0aefac43d45973b994dcabfb8125779cd7.

related #330
---
 codex-cli/src/utils/agent/sandbox/macos-seatbelt.ts | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/codex-cli/src/utils/agent/sandbox/macos-seatbelt.ts b/codex-cli/src/utils/agent/sandbox/macos-seatbelt.ts
index 77f7216f..03174582 100644
--- a/codex-cli/src/utils/agent/sandbox/macos-seatbelt.ts
+++ b/codex-cli/src/utils/agent/sandbox/macos-seatbelt.ts
@@ -3,7 +3,6 @@ import type { SpawnOptions } from "child_process";
 
 import { exec } from "./raw-exec.js";
 import { log } from "../log.js";
-import { realpathSync } from "fs";
 import { CONFIG_DIR } from "src/utils/config.js";
 
 function getCommonRoots() {
@@ -30,9 +29,7 @@ export function execWithSeatbelt(
     const { policies, params } = writableRoots
       .map((root, index) => ({
         policy: `(subpath (param "WRITABLE_ROOT_${index}"))`,
-        // the kernel resolves symlinks before handing them to seatbelt for checking
-        // so store the canonicalized form in the policy to be compared against
-        param: `-DWRITABLE_ROOT_${index}=${realpathSync(root)}`,
+        param: `-DWRITABLE_ROOT_${index}=${root}`,
       }))
       .reduce(
         (