Skip to content

docs(codex): troubleshoot bubblewrap unavailable in sandboxed runtimes #917

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
thepagent merged 4 commits into from
May 24, 2026
+41 −1
Merged

docs(codex): troubleshoot bubblewrap unavailable in sandboxed runtimes #917

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
b35a273
docs(codex): add troubleshooting for bubblewrap unavailable in sandbo…
chaodu-agent May 24, 2026
338f5ef
docs(codex): add non-privileged container reminder to sandbox note
chaodu-agent May 24, 2026
130f665
docs(codex): remove Dockerfile option, we provide the images
chaodu-agent May 24, 2026
528edff
fix(codex): install bubblewrap in Dockerfile.codex
chaodu-agent May 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Dockerfile.codex
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ RUN touch src/main.rs && cargo build --release

# --- Runtime stage ---
FROM node:22-bookworm-slim
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl procps ripgrep tini && rm -rf /var/lib/apt/lists/*
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl procps ripgrep tini bubblewrap && rm -rf /var/lib/apt/lists/*

# Pre-install codex-acp and codex CLI globally
ARG CODEX_ACP_VERSION=0.14.0
Expand Down
40 changes: 40 additions & 0 deletions docs/codex.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -250,6 +250,46 @@ codex exec --dangerously-bypass-approvals-and-sandbox ...

Do not use this flag on an untrusted host.

### `bubblewrap is unavailable: no system bwrap was found on PATH`

Codex's Linux sandbox modes (read-only / workspace-write) rely on `bwrap`
(bubblewrap) to create an inner sandbox. If the runtime image does not include
bubblewrap, even basic commands like `pwd` or `ls` will fail before execution
with this error.

This commonly happens in OpenAB deployments where Codex already runs inside an
isolated container or VM — the outer runtime provides the desired isolation, so
the inner sandbox is redundant.

**Solution — Disable Codex's inner sandbox** (recommended when the outer OpenAB
runtime already provides isolation):

```toml
# /home/node/.codex/config.toml
[sandbox]
sandbox_mode = "danger-full-access"
approval_policy = "on-request"
```

Or launch with:

```bash
codex --sandbox danger-full-access
```

Or via Helm:

```bash
helm install openab openab/openab \
--set-json 'agents.codex.extraConfig={"sandbox":{"sandbox_mode":"danger-full-access","approval_policy":"on-request"}}'
```

> **Important:** `danger-full-access` disables only Codex's *inner* sandbox. It
> does **not** remove the outer OpenAB container/VM isolation. The agent remains
> confined by the runtime's own security boundary. Ensure the outer runtime is a
> non-privileged container (no `--privileged` flag or excessive capabilities) for
> this security model to hold.

### Imagegen appears to hang

Check whether an image was generated even if the CLI has not returned yet:
Expand Down
Loading