c32e9cfe86
Apparently we were not running our `pnpm run prettier` check in CI, so many files that were covered by the existing Prettier check were not well-formatted. This updates CI and formats the files.
9 lines
837 B
Markdown
9 lines
837 B
Markdown
### Platform sandboxing details
|
|
|
|
The mechanism Codex uses to implement the sandbox policy depends on your OS:
|
|
|
|
- **macOS 12+** uses **Apple Seatbelt** and runs commands using `sandbox-exec` with a profile (`-p`) that corresponds to the `--sandbox` that was specified.
|
|
- **Linux** uses a combination of Landlock/seccomp APIs to enforce the `sandbox` configuration.
|
|
|
|
Note that when running Linux in a containerized environment such as Docker, sandboxing may not work if the host/container configuration does not support the necessary Landlock/seccomp APIs. In such cases, we recommend configuring your Docker container so that it provides the sandbox guarantees you are looking for and then running `codex` with `--sandbox danger-full-access` (or, more simply, the `--dangerously-bypass-approvals-and-sandbox` flag) within your container.
|