feat: add codex_linux_sandbox_exe: Option<PathBuf> field to Config (#1089)

https://github.com/openai/codex/pull/1086 is a work-in-progress to make Linux sandboxing work more like Seatbelt where, for the command we want to sandbox, we build up the command and then hand it, and some sandbox configuration flags, to another command to set up the sandbox and then run it. In the case of Seatbelt, macOS provides this helper binary and provides it at `/usr/bin/sandbox-exec`. For Linux, we have to build our own and pass it through (which is what #1086 does), so this makes the new `codex_linux_sandbox_exe` available on `Config` so that it will later be available in `exec.rs` when we need it in #1086.
2025-05-22 21:52:28 -07:00
parent 63deb7c369
commit d1de7bb383
10 changed files with 75 additions and 13 deletions
--- a/codex-rs/tui/src/lib.rs
+++ b/codex-rs/tui/src/lib.rs
@@ -10,6 +10,7 @@ use codex_core::protocol::SandboxPolicy;
 use codex_core::util::is_inside_git_repo;
 use log_layer::TuiLogLayer;
 use std::fs::OpenOptions;
+use std::path::PathBuf;
 use tracing_appender::non_blocking;
 use tracing_subscriber::EnvFilter;
 use tracing_subscriber::prelude::*;
@@ -36,7 +37,7 @@ mod user_approval_widget;

 pub use cli::Cli;

-pub fn run_main(cli: Cli) -> std::io::Result<()> {
+pub fn run_main(cli: Cli, codex_linux_sandbox_exe: Option<PathBuf>) -> std::io::Result<()> {
    let (sandbox_policy, approval_policy) = if cli.full_auto {
        (
            Some(SandboxPolicy::new_full_auto_policy()),
@@ -61,6 +62,7 @@ pub fn run_main(cli: Cli) -> std::io::Result<()> {
            cwd: cli.cwd.clone().map(|p| p.canonicalize().unwrap_or(p)),
            model_provider: None,
            config_profile: cli.config_profile.clone(),
+            codex_linux_sandbox_exe,
        };
        #[allow(clippy::print_stderr)]
        match Config::load_with_overrides(overrides) {
--- a/codex-rs/tui/src/main.rs
+++ b/codex-rs/tui/src/main.rs
@@ -1,10 +1,18 @@
+use std::path::PathBuf;
+
 use clap::Parser;
 use codex_tui::Cli;
 use codex_tui::run_main;

 #[tokio::main]
 async fn main() -> std::io::Result<()> {
+    let codex_linux_sandbox_exe: Option<PathBuf> = if cfg!(target_os = "linux") {
+        std::env::current_exe().ok()
+    } else {
+        None
+    };
+
    let cli = Cli::parse();
-    run_main(cli)?;
+    run_main(cli, codex_linux_sandbox_exe)?;
    Ok(())
 }