e79549f039
This PR adds a `debug landlock` subcommand to the Codex CLI for testing how Codex would execute a command using the specified sandbox policy. Built and ran this code in the `rust:latest` Docker container. In the container, hitting the network with vanilla `curl` succeeds: ``` $ curl google.com <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> <TITLE>301 Moved</TITLE></HEAD><BODY> <H1>301 Moved</H1> The document has moved <A HREF="http://www.google.com/">here</A>. </BODY></HTML> ``` whereas this fails, as expected: ``` $ cargo run -- debug landlock -s network-restricted -- curl google.com curl: (6) getaddrinfo() thread failed to start ```
32 lines
747 B
Rust
32 lines
747 B
Rust
//! Root of the `codex-core` library.
|
||
|
||
// Prevent accidental direct writes to stdout/stderr in library code. All
|
||
// user‑visible output must go through the appropriate abstraction (e.g.,
|
||
// the TUI or the tracing stack).
|
||
#![deny(clippy::print_stdout, clippy::print_stderr)]
|
||
|
||
mod client;
|
||
pub mod codex;
|
||
pub mod codex_wrapper;
|
||
pub mod config;
|
||
pub mod error;
|
||
pub mod exec;
|
||
mod flags;
|
||
mod is_safe_command;
|
||
#[cfg(target_os = "linux")]
|
||
pub mod linux;
|
||
mod models;
|
||
pub mod protocol;
|
||
mod safety;
|
||
pub mod util;
|
||
mod zdr_transcript;
|
||
|
||
pub use codex::Codex;
|
||
|
||
#[cfg(feature = "cli")]
|
||
mod approval_mode_cli_arg;
|
||
#[cfg(feature = "cli")]
|
||
pub use approval_mode_cli_arg::ApprovalModeCliArg;
|
||
#[cfg(feature = "cli")]
|
||
pub use approval_mode_cli_arg::SandboxModeCliArg;
|