From f9c15523e737c1d4723ad372f51361192f709be2 Mon Sep 17 00:00:00 2001 From: Christopher Cooper Date: Thu, 17 Apr 2025 08:15:39 -0700 Subject: [PATCH] docs: clarify sandboxing situation on Linux (#103) There doesn't appear to actually be any sandboxing on Linux. Correct the README. Signed-off-by: Christopher Cooper --- README.md | 7 +++---- codex-cli/src/utils/agent/handle-exec-command.ts | 4 ++-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 235e2e33..ab6cf3a7 100644 --- a/README.md +++ b/README.md @@ -137,13 +137,12 @@ The hardening mechanism Codex uses depends on your OS: - Outbound network is _fully blocked_ by default – even if a child process tries to `curl` somewhere it will fail. -- **Linux** – we recommend using Docker for sandboxing, where Codex launches itself inside a **minimal +- **Linux** – there is no sandboxing by default. + We recommend using Docker for sandboxing, where Codex launches itself inside a **minimal container image** and mounts your repo _read/write_ at the same path. A custom `iptables`/`ipset` firewall script denies all egress except the OpenAI API. This gives you deterministic, reproducible runs without needing - root on the host. You can read more in [`run_in_container.sh`](./codex-cli/scripts/run_in_container.sh) - -Both approaches are _transparent_ to everyday usage – you still run `codex` from your repo root and approve/reject steps as usual. + root on the host. You can use the [`run_in_container.sh`](./codex-cli/scripts/run_in_container.sh) script to set up the sandbox. --- diff --git a/codex-cli/src/utils/agent/handle-exec-command.ts b/codex-cli/src/utils/agent/handle-exec-command.ts index 84dbbc9c..93e8ea52 100644 --- a/codex-cli/src/utils/agent/handle-exec-command.ts +++ b/codex-cli/src/utils/agent/handle-exec-command.ts 
@@ -257,7 +257,7 @@ async function execCommand(
 };
 }
-const isInContainer = async (): Promise => {
+const isInLinux = async (): Promise => {
 try {
 await access("/proc/1/cgroup");
 return true;
@@ -270,7 +270,7 @@ async function getSandbox(runInSandbox: boolean): Promise {
 if (runInSandbox) {
 if (process.platform === "darwin") {
 return SandboxType.MACOS_SEATBELT;
- } else if (await isInContainer()) {
+ } else if (await isInLinux()) {
 return SandboxType.NONE;
 }
 throw new Error("Sandbox was mandated, but no sandbox is available!");
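Review bot: `isInLinux` still decides by probing `/proc/1/cgroup` with `access()`, so the new name promises an operating-system check that the body does not perform. The probe can fail on a Linux host whose procfs is unmounted or restricted, and the function then presumably reports false (its catch branch is outside the hunk), which sends getSandbox to the "Sandbox was mandated" error. getSandbox already tests `process.platform === "darwin"` for macOS, so `process.platform === "linux"` would be the consistent and direct test here. If the file probe is kept on purpose, a one-line comment such as `// Treats a readable /proc/1/cgroup as "running on Linux"; not a container check.` would stop the next reader from trusting the name alone.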
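Review bot: The `isInLinux()` branch returns `SandboxType.NONE` while `runInSandbox` is true, so on Linux a caller that asked for a sandbox gets unsandboxed execution with no signal, whereas any other non-macOS platform reaches the thrown error. With the rename the branch no longer even suggests a container boundary, so this fail-open path should be stated where it happens, for example `// Linux: no sandbox is implemented; commands run unsandboxed unless Codex was started inside a container (see run_in_container.sh).` A warning logged at this point, or an explicit opt-in before returning NONE, would make the downgrade visible to the user; whether callers can tolerate that is not visible from this hunk. getSandbox continues past the end of the hunk.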