From b35a27350a0667b5c3705f2cab269b6d18480d5d Mon Sep 17 00:00:00 2001 From: chaodu-agent Date: Sun, 24 May 2026 13:37:02 +0000 Subject: [PATCH 1/4] docs(codex): add troubleshooting for bubblewrap unavailable in sandboxed runtimes When Codex runs inside an already-isolated OpenAB runtime without bubblewrap installed, its inner sandbox fails with 'bubblewrap is unavailable'. Document both resolution options: installing bwrap or disabling the inner sandbox. Closes #908 --- docs/codex.md | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/docs/codex.md b/docs/codex.md index 50d1b693..73714a56 100644 --- a/docs/codex.md +++ b/docs/codex.md 
@@ -250,6 +250,51 @@ codex exec --dangerously-bypass-approvals-and-sandbox ... Do not use this flag on an untrusted host. +### `bubblewrap is unavailable: no system bwrap was found on PATH` + +Codex's Linux sandbox modes (read-only / workspace-write) rely on `bwrap` +(bubblewrap) to create an inner sandbox. If the runtime image does not include +bubblewrap, even basic commands like `pwd` or `ls` will fail before execution +with this error. + +This commonly happens in OpenAB deployments where Codex already runs inside an +isolated container or VM — the outer runtime provides the desired isolation, so +the inner sandbox is redundant. + +**Option 1 — Install bubblewrap in the image** (keeps inner sandbox active): + +```dockerfile +# Dockerfile.codex +RUN apt-get update && apt-get install -y bubblewrap && rm -rf /var/lib/apt/lists/* +``` + +**Option 2 — Disable Codex's inner sandbox** (recommended when the outer OpenAB +runtime already provides isolation): + +```toml +# /home/node/.codex/config.toml +[sandbox] +sandbox_mode = "danger-full-access" +approval_policy = "on-request" +``` + +Or launch with: + +```bash +codex --sandbox danger-full-access +``` + +Or via Helm: + +```bash +helm install openab openab/openab \ + --set-json 'agents.codex.extraConfig={"sandbox":{"sandbox_mode":"danger-full-access","approval_policy":"on-request"}}' +``` + +> **Important:** `danger-full-access` disables only Codex's *inner* sandbox. It +> does **not** remove the outer OpenAB container/VM isolation. The agent remains +> confined by the runtime's own security boundary. + ### Imagegen appears to hang Check whether an image was generated even if the CLI has not returned yet: From 338f5efe87d5d6f47d4afdff182e8ca9668b9783 Mon Sep 17 00:00:00 2001 From: chaodu-agent Date: Sun, 24 May 2026 13:43:26 +0000 Subject: [PATCH 2/4] docs(codex): add non-privileged container reminder to sandbox note --- docs/codex.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/docs/codex.md b/docs/codex.md index 73714a56..d54af6ae 100644 --- a/docs/codex.md +++ b/docs/codex.md @@ -293,7 +293,9 @@ helm install openab openab/openab \ > **Important:** `danger-full-access` disables only Codex's *inner* sandbox. It > does **not** remove the outer OpenAB container/VM isolation. The agent remains -> confined by the runtime's own security boundary. +> confined by the runtime's own security boundary. Ensure the outer runtime is a +> non-privileged container (no `--privileged` flag or excessive capabilities) for +> this security model to hold. ### Imagegen appears to hang From 130f665e8ce38e8d0ee81389960200f51c5f81c4 Mon Sep 17 00:00:00 2001 From: chaodu-agent Date: Sun, 24 May 2026 13:45:09 +0000 Subject: [PATCH 3/4] docs(codex): remove Dockerfile option, we provide the images --- docs/codex.md | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/docs/codex.md b/docs/codex.md index d54af6ae..ca6e23ee 100644 --- a/docs/codex.md +++ b/docs/codex.md @@ -261,14 +261,7 @@ This commonly happens in OpenAB deployments where Codex already runs inside an isolated container or VM — the outer runtime provides the desired isolation, so the inner sandbox is redundant. -**Option 1 — Install bubblewrap in the image** (keeps inner sandbox active): - -```dockerfile -# Dockerfile.codex -RUN apt-get update && apt-get install -y bubblewrap && rm -rf /var/lib/apt/lists/* -``` - -**Option 2 — Disable Codex's inner sandbox** (recommended when the outer OpenAB +**Solution — Disable Codex's inner sandbox** (recommended when the outer OpenAB runtime already provides isolation): ```toml From 528edfff85d7491974a02304d62cda73a56f33cc Mon Sep 17 00:00:00 2001 
From: chaodu-agent Date: Sun, 24 May 2026 13:46:31 +0000 Subject: [PATCH 4/4] fix(codex): install bubblewrap in Dockerfile.codex Aligns with Dockerfile.claude which already includes bubblewrap. This resolves the 'bubblewrap is unavailable' error at runtime. --- Dockerfile.codex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.codex b/Dockerfile.codex index cb621ef2..32fc6a25 100644 --- a/Dockerfile.codex +++ b/Dockerfile.codex @@ -8,7 +8,7 @@ RUN touch src/main.rs && cargo build --release # --- Runtime stage --- FROM node:22-bookworm-slim -RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl procps ripgrep tini && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl procps ripgrep tini bubblewrap && rm -rf /var/lib/apt/lists/* # Pre-install codex-acp and codex CLI globally ARG CODEX_ACP_VERSION=0.14.0
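Review bot: In PATCH 1/4, the config.toml snippet places `sandbox_mode = "danger-full-access"` and `approval_policy = "on-request"` under a `[sandbox]` table, and the Helm example nests the same keys under `"sandbox"`; please confirm against Codex's config schema that these keys are read from that table rather than at top level, since a misplaced key would be silently ignored and the user would still see the bwrap error. The snippet also changes `approval_policy` without saying why; either drop it from the fix or add a sentence explaining what it does and why it belongs with the sandbox change. Finally, since the error comes from a missing package in the image, the section should lead with the cause (bubblewrap absent from the runtime image) and present disabling the inner sandbox as the fallback for images you cannot rebuild, not as the primary recommendation.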
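Review bot: In PATCH 2/4, the added sentence "Ensure the outer runtime is a non-privileged container (no `--privileged` flag or excessive capabilities)" tells the reader what to check but not where; since the section documents the Helm path right above, point at the chart setting that controls the pod or container securityContext so an operator can verify it, and state that `danger-full-access` should not be used when that check fails. A reference to a VM-based runtime would also help, because the note says "container/VM" but the check only covers the container case.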
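Review bot: In PATCH 3/4, removing Option 1 leaves the remaining heading "**Solution — Disable Codex's inner sandbox** (recommended when the outer OpenAB runtime already provides isolation)" dangling: with only one solution left, "recommended when" no longer contrasts with anything, and the surrounding text still says the error "commonly happens in OpenAB deployments" even though the series goes on to fix the shipped image. Reword to say that the provided images include bubblewrap, that this error indicates a custom or older image, and that disabling the inner sandbox is the workaround only for runtimes where the image cannot be changed and outer isolation is verified.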
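Review bot: In PATCH 4/4, adding `bubblewrap` to the apt install line may not be sufficient on its own: `bwrap` creates user, mount and PID namespaces at runtime, and a container's seccomp profile or dropped capabilities can deny those syscalls even when the binary is present. Please verify in the built image that a Codex read-only or workspace-write sandbox actually starts under the chart's default securityContext, and note in the commit message or docs whether any runtime setting is required for the inner sandbox to work; otherwise the troubleshooting entry from PATCH 1/4 will be reached via a different error message.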