fix: move general sandbox tests to codex-rs/core/tests/sandbox.rs (#2317)

Previous to this PR, `codex-rs/core/tests/sandbox.rs` contained integration tests that were specific to Seatbelt. This PR moves those tests to `codex-rs/core/src/seatbelt.rs` and designates `codex-rs/core/tests/sandbox.rs` to be used as the home for cross-platform (well, Mac and Linux...) sandbox tests. To start, this migrates `python_multiprocessing_lock_works_under_seatbelt()` from #1823 to the new `sandbox.rs` because this is the type of thing that should work on both Mac _and_ Linux, though I still need to do some work to clean up the test so it works on both platforms.
2025-08-14 14:48:38 -07:00
parent 992e81d9b5
commit a8c7f5391c
3 changed files with 232 additions and 233 deletions
--- a/codex-rs/core/src/seatbelt.rs
+++ b/codex-rs/core/src/seatbelt.rs
@@ -301,59 +301,6 @@ mod tests {
        assert_eq!(expected_args, args);
    }

-    #[test]
-    fn seatbelt_base_policy_allows_ipc_posix_sem() {
-        assert!(
-            MACOS_SEATBELT_BASE_POLICY.contains("(allow ipc-posix-sem)"),
-            "base policy should allow ipc-posix-sem"
-        );
-    }
-
-    #[cfg(target_os = "macos")]
-    #[tokio::test]
-    async fn python_multiprocessing_lock_works_under_seatbelt() {
-        use super::spawn_command_under_seatbelt;
-        use crate::spawn::StdioPolicy;
-        use std::collections::HashMap;
-
-        let policy = SandboxPolicy::WorkspaceWrite {
-            writable_roots: vec![],
-            network_access: false,
-            include_default_writable_roots: true,
-        };
-
-        let python_code = r#"import multiprocessing
-from multiprocessing import Lock, Process
-
-def f(lock):
-    with lock:
-        print("Lock acquired in child process")
-
-if __name__ == '__main__':
-    lock = Lock()
-    p = Process(target=f, args=(lock,))
-    p.start()
-    p.join()
-"#;
-
-        let mut child = spawn_command_under_seatbelt(
-            vec![
-                "python3".to_string(),
-                "-c".to_string(),
-                python_code.to_string(),
-            ],
-            &policy,
-            std::env::current_dir().expect("should be able to get current dir"),
-            StdioPolicy::RedirectForShellTool,
-            HashMap::new(),
-        )
-        .await
-        .expect("should be able to spawn python under seatbelt");
-
-        let status = child.wait().await.expect("should wait for child process");
-        assert!(status.success(), "python exited with {status:?}");
-    }
-
    struct PopulatedTmp {
        root_with_git: PathBuf,
        root_without_git: PathBuf,