use crate::protocol::SandboxPolicy; use crate::spawn::StdioPolicy; use crate::spawn::spawn_child_async; use std::collections::HashMap; use std::path::Path; use std::path::PathBuf; use tokio::process::Child; /// Spawn a shell tool command under the Linux Landlock+seccomp sandbox helper /// (codex-linux-sandbox). /// /// Unlike macOS Seatbelt where we directly embed the policy text, the Linux /// helper accepts a list of `--sandbox-permission`/`-s` flags mirroring the /// public CLI. We convert the internal [`SandboxPolicy`] representation into /// the equivalent CLI options. pub async fn spawn_command_under_linux_sandbox

( codex_linux_sandbox_exe: P, command: Vec, command_cwd: PathBuf, sandbox_policy: &SandboxPolicy, sandbox_policy_cwd: &Path, stdio_policy: StdioPolicy, env: HashMap, ) -> std::io::Result where P: AsRef, { let args = create_linux_sandbox_command_args(command, sandbox_policy, sandbox_policy_cwd); let arg0 = Some("codex-linux-sandbox"); spawn_child_async( codex_linux_sandbox_exe.as_ref().to_path_buf(), args, arg0, command_cwd, sandbox_policy, stdio_policy, env, ) .await } /// Converts the sandbox policy into the CLI invocation for `codex-linux-sandbox`. fn create_linux_sandbox_command_args( command: Vec, sandbox_policy: &SandboxPolicy, sandbox_policy_cwd: &Path, ) -> Vec { #[expect(clippy::expect_used)] let sandbox_policy_cwd = sandbox_policy_cwd .to_str() .expect("cwd must be valid UTF-8") .to_string(); #[expect(clippy::expect_used)] let sandbox_policy_json = serde_json::to_string(sandbox_policy).expect("Failed to serialize SandboxPolicy to JSON"); let mut linux_cmd: Vec = vec![ sandbox_policy_cwd, sandbox_policy_json, // Separator so that command arguments starting with `-` are not parsed as // options of the helper itself. "--".to_string(), ]; // Append the original tool command. linux_cmd.extend(command); linux_cmd }