Sandboxed tool calls fail on Ubuntu 20.04 with bubblewrap 0.4.0 ('bwrap: Unknown option --argv0')

[YSAA1]

What version of Codex is running?

codex-cli 0.116.0

What subscription do you have?

Pro

Which model were you using?

Observed in the Codex CLI agent environment. The failure appears to happen before model-specific behavior matters.

What platform is your computer?

Ubuntu 20.04.6 LTS (focal), amd64

What issue are you seeing?

Description

On Ubuntu 20.04.6 with the system bubblewrap package (0.4.0-1ubuntu4.1), sandboxed tool calls fail immediately with:

bwrap: Unknown option --argv0

In the same environment, commands that bypass the normal sandbox path can still run, which suggests this is specifically a sandbox wrapper compatibility problem.

Reproduction

1. Use Ubuntu 20.04.6 LTS with /usr/bin/bwrap provided by the distro package bubblewrap 0.4.0-1ubuntu4.1
2. Run Codex CLI (codex-cli 0.116.0)
3. Trigger a normal sandboxed tool call
4. Observe immediate failure with bwrap: Unknown option --argv0

Expected behavior

Codex should either:

• gracefully support older bubblewrap versions,
• detect that the installed bwrap does not support --argv0 and show a clearer compatibility error,
• or provide a documented fallback path before attempting sandbox launch.

Additional evidence

• bwrap --version reports bubblewrap 0.4.0
• bwrap --help does not list --argv0
• /usr/bin/bwrap is owned by the Ubuntu package bubblewrap
• apt-cache policy bubblewrap on this machine shows:

Installed: 0.4.0-1ubuntu4.1
Candidate: 0.4.0-1ubuntu4.1
500 http://mirrors.aliyun.com/ubuntu focal-updates/main amd64 Packages
500 http://mirrors.aliyun.com/ubuntu focal-security/main amd64 Packages

This means a normal apt upgrade on Ubuntu 20.04 will not reach a version that supports --argv0.

Likely root cause

Codex appears to assume bubblewrap supports --argv0, but Ubuntu 20.04 ships an older version that does not. This seems like a Codex / local sandbox compatibility gap rather than a repo-specific problem.

Possibly related official issues

• Codex faills with sandbox error trying to execute python file #848
• [TypeScript] Unable to skip sandboxing on platforms Codex considers supported #973
• WSL: No solution to "Error: The combination of seccomp/landlock that Codex uses for sandboxing is not supported in this environment."? #1039

[YSAA1]

Additional diagnostic details from the affected machine:

$ codex --version
codex-cli 0.116.0

$ command -v bwrap && bwrap --version
/usr/bin/bwrap
bubblewrap 0.4.0

$ bwrap --help | rg -- '--argv0'
<no output>

$ dpkg -S /usr/bin/bwrap
bubblewrap: /usr/bin/bwrap

$ apt-cache policy bubblewrap
bubblewrap:
  Installed: 0.4.0-1ubuntu4.1
  Candidate: 0.4.0-1ubuntu4.1
  Version table:
 *** 0.4.0-1ubuntu4.1 500
        500 http://mirrors.aliyun.com/ubuntu focal-updates/main amd64 Packages
        500 http://mirrors.aliyun.com/ubuntu focal-security/main amd64 Packages
        100 /var/lib/dpkg/status
     0.4.0-1ubuntu4 500
        500 http://mirrors.aliyun.com/ubuntu focal/main amd64 Packages

A few practical observations:

• The failure is consistent for sandboxed tool execution paths.
• The error happens immediately at sandbox launch time, before the actual tool logic matters.
• Commands that bypass the normal sandbox path can still run successfully in the same environment.

That makes this look less like a repo-specific failure and more like a compatibility assumption in the sandbox wrapper: Codex appears to invoke bwrap with --argv0, but Ubuntu 20.04's packaged bubblewrap does not support that flag.

If helpful, I can also test a patched/local newer bubblewrap on the same machine and report whether that fully resolves the issue.

[github-actions]

Potential duplicates detected. Please review them and close your issue if it is a duplicate.

• v0.116.0 ubuntu22.04 errors mentioning bwrap sandbox wrapper constantly occur #15260

Powered by Codex Action

[reeya2022]

This also reproduces for me on Rocky Linux 8.10 via the VS Code extension’s bundled Codex (openai.chatgpt-26.318.11754-linux-x64, bundled codex-cli 0.116.0-alpha.10).

On this system, /usr/bin/bwrap --version is bubblewrap 0.4.0 and /usr/local/bin/bwrap --version is bubblewrap 0.9.0.

The error is the same: bwrap: Unknown option --argv0.

Downgrading the extension by one version avoids the issue. Restarting VS Code Server, changing PATH, and setting BWRAP / BUBBLEWRAP did not help.

[Alek2077]

Additional confirmed repro on Ubuntu 22.04 (Jammy):

• codex-cli 0.116.0
• system /usr/bin/bwrap from Ubuntu package bubblewrap 0.6.1-1ubuntu0.1
• after installing the system bubblewrap, sandboxed Codex tool calls started failing with bwrap: Unknown option --argv0
• removing the system bubblewrap package restored normal behavior by forcing Codex to fall back to its bundled bubblewrap

This suggests the incompatibility is not limited to Ubuntu 20.04 / bwrap 0.4.0; it also reproduces on Jammy with distro bubblewrap 0.6.1.

In this environment, the failure appeared immediately after upgrading to codex-cli 0.116.0 and installing the distro bubblewrap package.

[Tolriq]

use_legacy_landlock = true in .codex/config.toml workaround this.

[de-tre]

use_legacy_landlock = true in .codex/config.toml workaround this.

Thanks, this did help on my WSL2 Ubuntu 22.04.5 setup with codex-cli 0.116.0, just to add two details in case anyone's unaware (I was at first at least):

1. The flag needed to be under [features]:

[features]
use_legacy_landlock = true

2. Putting it only in the repo-local .codex/config.toml fixed direct CLI runs in that repo for me, but the chat-integrated/sandboxed tool path still appeared to use ~/.codex/config.toml. So in my case I needed the same flag there as well.

Edit:
Codex CLI Code reviews still failing for me unfortunately.

• the integrated tool / review path still fails in my environment
• I still get unexpected argument '--sandbox-policy-cwd' there