docs: clarify sandboxing situation on Linux (#103)

There doesn't appear to actually be any sandboxing on Linux. Correct the
README.

Signed-off-by: Christopher Cooper <christopher@cg505.com>
Christopher Cooper
2025-04-17 08:15:39 -07:00
committed by GitHub
parent 4386dfc67b
commit f9c15523e7
2 changed files with 5 additions and 6 deletions


@@ -137,13 +137,12 @@ The hardening mechanism Codex uses depends on your OS:
- Outbound network is _fully blocked_ by default even if a child process
tries to `curl` somewhere it will fail.
- **Linux** we recommend using Docker for sandboxing, where Codex launches itself inside a **minimal
- **Linux** there is no sandboxing by default.
We recommend using Docker for sandboxing, where Codex launches itself inside a **minimal
container image** and mounts your repo _read/write_ at the same path. A
custom `iptables`/`ipset` firewall script denies all egress except the
OpenAI API. This gives you deterministic, reproducible runs without needing
root on the host. You can read more in [`run_in_container.sh`](./codex-cli/scripts/run_in_container.sh)
Both approaches are _transparent_ to everyday usage you still run `codex` from your repo root and approve/reject steps as usual.
root on the host. You can use the [`run_in_container.sh`](./codex-cli/scripts/run_in_container.sh) script to set up the sandbox.
---
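Review bot: The reworded Linux bullet says there is no sandboxing by default, but the lead sentence visible in the hunk header, "The hardening mechanism Codex uses depends on your OS:", still reads as if every OS gets a mechanism automatically. Consider rewording that intro. Also consider stating in the bullet itself that the container and the `iptables`/`ipset` egress firewall apply only when Codex is launched through `run_in_container.sh`, so a reader running plain `codex` on Linux does not assume the "fully blocked" outbound network described in the preceding bullet covers them. The new first line of the bullet also has no separator between **Linux** and the sentence that follows; a colon or dash there would match how the bullet reads as a label.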