2ecca79663
The high-order bit on this PR is that it makes it so `sandbox.rs` tests both Mac and Linux, as we introduce a general `spawn_command_under_sandbox()` function with platform-specific implementations for testing. An important, and interesting, discovery in porting the test to Linux is that (for reasons cited in the code comments), `/dev/shm` has to be added to `writable_roots` on Linux in order for `multiprocessing.Lock` to work there. Granting write access to `/dev/shm` comes with some degree of risk, so we do not make this the default for Codex CLI. Piggybacking on top of #2317, this moves the `python_multiprocessing_lock_works` test yet again, moving `codex-rs/core/tests/sandbox.rs` to `codex-rs/exec/tests/sandbox.rs` because in `codex-rs/exec/tests` we can use `cargo_bin()` like so: ``` let codex_linux_sandbox_exe = assert_cmd::cargo::cargo_bin("codex-exec"); ``` which is necessary so we can use `codex_linux_sandbox_exe` and therefore `spawn_command_under_linux_sandbox` in an integration test. This also moves `spawn_command_under_linux_sandbox()` out of `exec.rs` and into `landlock.rs`, which makes things more consistent with `seatbelt.rs` in `codex-core`. For reference, https://github.com/openai/codex/pull/1808 is the PR that made the change to Seatbelt to get this test to pass on Mac.
59 lines
1.5 KiB
Rust
59 lines
1.5 KiB
Rust
//! Root of the `codex-core` library.
|
|
|
|
// Prevent accidental direct writes to stdout/stderr in library code. All
|
|
// user-visible output must go through the appropriate abstraction (e.g.,
|
|
// the TUI or the tracing stack).
|
|
#![deny(clippy::print_stdout, clippy::print_stderr)]
|
|
|
|
mod apply_patch;
|
|
mod bash;
|
|
mod chat_completions;
|
|
mod client;
|
|
mod client_common;
|
|
pub mod codex;
|
|
mod codex_conversation;
|
|
pub use codex_conversation::CodexConversation;
|
|
pub mod config;
|
|
pub mod config_profile;
|
|
pub mod config_types;
|
|
mod conversation_history;
|
|
mod environment_context;
|
|
pub mod error;
|
|
pub mod exec;
|
|
pub mod exec_env;
|
|
mod flags;
|
|
pub mod git_info;
|
|
mod is_safe_command;
|
|
pub mod landlock;
|
|
mod mcp_connection_manager;
|
|
mod mcp_tool_call;
|
|
mod message_history;
|
|
mod model_provider_info;
|
|
pub mod parse_command;
|
|
pub use model_provider_info::BUILT_IN_OSS_MODEL_PROVIDER_ID;
|
|
pub use model_provider_info::ModelProviderInfo;
|
|
pub use model_provider_info::WireApi;
|
|
pub use model_provider_info::built_in_model_providers;
|
|
pub use model_provider_info::create_oss_provider_with_base_url;
|
|
mod conversation_manager;
|
|
pub use conversation_manager::ConversationManager;
|
|
pub use conversation_manager::NewConversation;
|
|
pub mod model_family;
|
|
mod models;
|
|
mod openai_model_info;
|
|
mod openai_tools;
|
|
pub mod plan_tool;
|
|
mod project_doc;
|
|
pub mod protocol;
|
|
mod rollout;
|
|
pub(crate) mod safety;
|
|
pub mod seatbelt;
|
|
pub mod shell;
|
|
pub mod spawn;
|
|
pub mod turn_diff_tracker;
|
|
pub mod user_agent;
|
|
mod user_notification;
|
|
pub mod util;
|
|
pub use apply_patch::CODEX_APPLY_PATCH_ARG1;
|
|
pub use safety::get_platform_sandbox;
|