411bfeb410
This introduces a standalone executable that run the equivalent of the `codex debug landlock` subcommand and updates `rust-release.yml` to include it in the release. The idea is that we will include this small binary with the TypeScript CLI to provide support for Linux sandboxing.
18 lines
646 B
Rust
18 lines
646 B
Rust
use codex_core::exec::create_seatbelt_command;
|
|
use codex_core::protocol::SandboxPolicy;
|
|
|
|
pub async fn run_seatbelt(
|
|
command: Vec<String>,
|
|
sandbox_policy: SandboxPolicy,
|
|
) -> anyhow::Result<()> {
|
|
let seatbelt_command = create_seatbelt_command(command, &sandbox_policy);
|
|
let status = tokio::process::Command::new(seatbelt_command[0].clone())
|
|
.args(&seatbelt_command[1..])
|
|
.spawn()
|
|
.map_err(|e| anyhow::anyhow!("Failed to spawn command: {}", e))?
|
|
.wait()
|
|
.await
|
|
.map_err(|e| anyhow::anyhow!("Failed to wait for command: {}", e))?;
|
|
std::process::exit(status.code().unwrap_or(1));
|
|
}
|