What version of Codex CLI is running?
codex-cli 0.116.0
What subscription do you have?
bussiness
Which model were you using?
No response
What platform is your computer?
No response
What terminal emulator and version are you using (if applicable)?
No response
What issue are you seeing?
Description
When using Codex CLI on a shared multi-user server, every terminal command fails before actual execution. Even trivial read-only commands such as
pwd, ls, rg, and sed fail with the same error:
bwrap: Unknown option --argv0
As a result, Codex cannot inspect local files, run tests, or proceed with normal coding tasks.
Environment
- OS: Ubuntu 22.04 (jammy)
- Host: shared multi-user server
- bubblewrap package:
- Installed: 0.6.1-1ubuntu0.1
- Candidate: 0.6.1-1ubuntu0.1
- bwrap path:
- /usr/bin/bwrap
- /bin/bwrap
- bwrap --version:
- bwrap --help | grep argv0:
- no output, indicating this version does not support --argv0
Diagnostics
The following commands were run in the user shell:
type -a bwrap
which bwrap
bwrap --version
bwrap --help | grep argv0
ls -l "$(which bwrap)"
apt policy bubblewrap
Relevant output:
bwrap is /usr/bin/bwrap
bwrap is /bin/bwrap
/usr/bin/bwrap
bubblewrap 0.6.1
APT package info:
Installed: 0.6.1-1ubuntu0.1
Candidate: 0.6.1-1ubuntu0.1
Version table:
*** 0.6.1-1ubuntu0.1 500
This suggests:
- This is not a PATH-shadowing issue
- Ubuntu jammy officially provides bubblewrap 0.6.1
- Codex’s launcher/sandbox layer is invoking bwrap with --argv0
- System bubblewrap 0.6.1 does not support that flag, so the command fails before reaching the shell
Steps to Reproduce
- Use Ubuntu 22.04 (jammy) with the official bubblewrap 0.6.1-1ubuntu0.1
- Start a new Codex CLI session
- Ask Codex to run any simple command, e.g.:
- The command immediately fails with:
bwrap: Unknown option --argv0
Expected Behavior
Codex should at least be able to execute basic shell commands in this environment. If local bwrap does not support --argv0, Codex should either:
- fall back to a compatible invocation,
- emit a clear compatibility error with actionable guidance,
- or allow disabling/replacing this sandbox mechanism
Actual Behavior
All commands fail during sandbox initialization, so Codex cannot perform any terminal action.
Impact
- Cannot read workspace files
- Cannot read external read-only dependency files
- Cannot run tests or debugging commands
- Cannot complete normal coding workflows
Workarounds Attempted
A custom bwrap wrapper was created in user space to strip the unsupported --argv0 argument:
#!/usr/bin/env bash
set -euo pipefail
real_bwrap=/usr/bin/bwrap
args=()
while [ "$#" -gt 0 ]; do
case "$1" in
--argv0)
shift
if [ "$#" -gt 0 ]; then
shift
fi
;;
*)
args+=("$1")
shift
;;
esac
done
exec "$real_bwrap" "${args[@]}"
A new Codex session was then launched with PATH preferring that wrapper.
Result: the new Codex session still failed on pwd / ls with:
bwrap: Unknown option --argv0
This suggests at least one of the following:
- Codex does not resolve bwrap via PATH, and instead calls the system binary directly
- the child environment does not inherit the modified PATH
- the unsupported flag is being injected by an outer launcher layer that the wrapper never intercepts
Suspected Root Cause
Codex CLI / harness / sandbox launcher assumes host bubblewrap supports --argv0, but Ubuntu 22.04’s official bubblewrap 0.6.1 does not, causing an
execution-time compatibility failure.
Requested Fix
- Detect bwrap feature support at runtime via --help or --version
- Provide a compatibility path for older bubblewrap versions
- Allow users to explicitly configure the bwrap binary path
- If newer functionality is required, fail early with a clear minimum supported bubblewrap version
中文版本
标题
Codex CLI 在 Ubuntu 22.04 上无法执行任何命令:沙箱调用 bwrap --argv0,但系统 bubblewrap 0.6.1 不支持该参数
问题描述
在一台多用户共享服务器上使用 Codex CLI 时,任何终端命令都会在真正执行前失败。即使是最简单的只读命令,如 pwd、ls、rg、sed,也无法运行。报错统一为:
bwrap: Unknown option --argv0
这导致 Codex 无法读取本地代码、无法运行测试,也无法继续正常完成代码任务。
环境信息
- OS: Ubuntu 22.04 (jammy)
- Host: 多用户共享服务器
- bubblewrap package:
- Installed: 0.6.1-1ubuntu0.1
- Candidate: 0.6.1-1ubuntu0.1
- bwrap path:
- /usr/bin/bwrap
- /bin/bwrap
- bwrap --version:
- bwrap --help | grep argv0:
诊断结果
在用户终端执行以下命令:
type -a bwrap
which bwrap
bwrap --version
bwrap --help | grep argv0
ls -l "$(which bwrap)"
apt policy bubblewrap
得到的关键信息:
bwrap is /usr/bin/bwrap
bwrap is /bin/bwrap
/usr/bin/bwrap
bubblewrap 0.6.1
APT 信息:
Installed: 0.6.1-1ubuntu0.1
Candidate: 0.6.1-1ubuntu0.1
Version table:
*** 0.6.1-1ubuntu0.1 500
这说明:
- 不是 PATH 命中了错误的 bwrap
- 系统官方仓库当前提供的 jammy 版本就是 0.6.1
- Codex 的执行器/沙箱层在调用 bwrap 时使用了 --argv0
- 但系统 bubblewrap 0.6.1 不支持这个参数,所以命令在进入 shell 前就失败了
复现步骤
- 在 Ubuntu 22.04 (jammy) 上安装官方仓库提供的 bubblewrap 0.6.1-1ubuntu0.1
- 启动 Codex CLI 新会话
- 让 Codex 执行任意简单命令,例如:
- 命令立即失败,错误为:
bwrap: Unknown option --argv0
预期行为
Codex 至少应能在该环境中正常执行基础 shell 命令;如果检测到本机 bwrap 不支持 --argv0,应:
- 自动降级到兼容调用方式,或
- 给出明确的兼容性报错和可操作的提示,或
- 允许关闭/替代该沙箱机制
实际行为
所有命令都在沙箱初始化阶段失败,Codex 无法执行任何终端操作。
影响
- 无法读取工作区文件
- 无法读取工作区外的只读依赖文件
- 无法运行任何测试或调试命令
- 无法完成正常的代码修改流程
已尝试的规避方案
我在用户目录下创建了一个 bwrap 包装器,专门去掉 --argv0 参数,例如:
#!/usr/bin/env bash
set -euo pipefail
real_bwrap=/usr/bin/bwrap
args=()
while [ "$#" -gt 0 ]; do
case "$1" in
--argv0)
shift
if [ "$#" -gt 0 ]; then
shift
fi
;;
*)
args+=("$1")
shift
;;
esac
done
exec "$real_bwrap" "${args[@]}"
并通过修改 PATH 启动了新的 Codex 会话。
结果:新会话里 Codex 执行 pwd / ls 仍然直接报:
bwrap: Unknown option --argv0
这暗示了至少有一种可能:
- Codex 执行器没有使用 PATH 中的 bwrap,而是直接调用了系统 bwrap
- 或者启动子进程时没有继承用户设置的 PATH
- 或者该参数是在更外层注入的,包装器没有实际拦截到
怀疑的根因
Codex CLI / harness / sandbox launcher 假设宿主机 bubblewrap 支持 --argv0,但 Ubuntu 22.04 官方仓库中的 bubblewrap 0.6.1 不支持该参数,导致兼容性
问题。
希望的修复方向
- 在运行前探测 bwrap --help / bwrap --version,根据能力决定是否传 --argv0
- 对旧版 bubblewrap 提供兼容分支
- 允许用户显式指定自定义 bwrap 路径
- 如果必须使用新特性,启动时应给出清晰错误信息,说明最低支持的 bubblewrap 版本
What steps can reproduce the bug?
Steps to Reproduce
- Use Ubuntu 22.04 (jammy) with the official bubblewrap 0.6.1-1ubuntu0.1
- Start a new Codex CLI session
- Ask Codex to run any simple command, e.g.:
- The command immediately fails with:
bwrap: Unknown option --argv0
Expected Behavior
Codex should at least be able to execute basic shell commands in this environment. If local bwrap does not support --argv0, Codex should either:
- fall back to a compatible invocation,
- emit a clear compatibility error with actionable guidance,
- or allow disabling/replacing this sandbox mechanism
Actual Behavior
All commands fail during sandbox initialization, so Codex cannot perform any terminal action.
What is the expected behavior?
No response
Additional information
No response
What version of Codex CLI is running?
codex-cli 0.116.0
What subscription do you have?
bussiness
Which model were you using?
No response
What platform is your computer?
No response
What terminal emulator and version are you using (if applicable)?
No response
What issue are you seeing?
Description
When using Codex CLI on a shared multi-user server, every terminal command fails before actual execution. Even trivial read-only commands such as
pwd, ls, rg, and sed fail with the same error:
bwrap: Unknown option --argv0
As a result, Codex cannot inspect local files, run tests, or proceed with normal coding tasks.
Environment
Diagnostics
The following commands were run in the user shell:
type -a bwrap
which bwrap
bwrap --version
bwrap --help | grep argv0
ls -l "$(which bwrap)"
apt policy bubblewrap
Relevant output:
bwrap is /usr/bin/bwrap
bwrap is /bin/bwrap
/usr/bin/bwrap
bubblewrap 0.6.1
APT package info:
Installed: 0.6.1-1ubuntu0.1
Candidate: 0.6.1-1ubuntu0.1
Version table:
*** 0.6.1-1ubuntu0.1 500
This suggests:
Steps to Reproduce
bwrap: Unknown option --argv0
Expected Behavior
Codex should at least be able to execute basic shell commands in this environment. If local bwrap does not support --argv0, Codex should either:
Actual Behavior
All commands fail during sandbox initialization, so Codex cannot perform any terminal action.
Impact
Workarounds Attempted
A custom bwrap wrapper was created in user space to strip the unsupported --argv0 argument:
#!/usr/bin/env bash
set -euo pipefail
real_bwrap=/usr/bin/bwrap
args=()
while [ "$#" -gt 0 ]; do
case "$1" in
--argv0)
shift
if [ "$#" -gt 0 ]; then
shift
fi
;;
*)
args+=("$1")
shift
;;
esac
done
exec "$real_bwrap" "${args[@]}"
A new Codex session was then launched with PATH preferring that wrapper.
Result: the new Codex session still failed on pwd / ls with:
bwrap: Unknown option --argv0
This suggests at least one of the following:
Suspected Root Cause
Codex CLI / harness / sandbox launcher assumes host bubblewrap supports --argv0, but Ubuntu 22.04’s official bubblewrap 0.6.1 does not, causing an
execution-time compatibility failure.
Requested Fix
中文版本
标题
Codex CLI 在 Ubuntu 22.04 上无法执行任何命令:沙箱调用 bwrap --argv0,但系统 bubblewrap 0.6.1 不支持该参数
问题描述
在一台多用户共享服务器上使用 Codex CLI 时,任何终端命令都会在真正执行前失败。即使是最简单的只读命令,如 pwd、ls、rg、sed,也无法运行。报错统一为:
bwrap: Unknown option --argv0
这导致 Codex 无法读取本地代码、无法运行测试,也无法继续正常完成代码任务。
环境信息
诊断结果
在用户终端执行以下命令:
type -a bwrap
which bwrap
bwrap --version
bwrap --help | grep argv0
ls -l "$(which bwrap)"
apt policy bubblewrap
得到的关键信息:
bwrap is /usr/bin/bwrap
bwrap is /bin/bwrap
/usr/bin/bwrap
bubblewrap 0.6.1
APT 信息:
Installed: 0.6.1-1ubuntu0.1
Candidate: 0.6.1-1ubuntu0.1
Version table:
*** 0.6.1-1ubuntu0.1 500
这说明:
复现步骤
bwrap: Unknown option --argv0
预期行为
Codex 至少应能在该环境中正常执行基础 shell 命令;如果检测到本机 bwrap 不支持 --argv0,应:
实际行为
所有命令都在沙箱初始化阶段失败,Codex 无法执行任何终端操作。
影响
已尝试的规避方案
我在用户目录下创建了一个 bwrap 包装器,专门去掉 --argv0 参数,例如:
#!/usr/bin/env bash
set -euo pipefail
real_bwrap=/usr/bin/bwrap
args=()
while [ "$#" -gt 0 ]; do
case "$1" in
--argv0)
shift
if [ "$#" -gt 0 ]; then
shift
fi
;;
*)
args+=("$1")
shift
;;
esac
done
exec "$real_bwrap" "${args[@]}"
并通过修改 PATH 启动了新的 Codex 会话。
结果:新会话里 Codex 执行 pwd / ls 仍然直接报:
bwrap: Unknown option --argv0
这暗示了至少有一种可能:
怀疑的根因
Codex CLI / harness / sandbox launcher 假设宿主机 bubblewrap 支持 --argv0,但 Ubuntu 22.04 官方仓库中的 bubblewrap 0.6.1 不支持该参数,导致兼容性
问题。
希望的修复方向
What steps can reproduce the bug?
Steps to Reproduce
bwrap: Unknown option --argv0
Expected Behavior
Codex should at least be able to execute basic shell commands in this environment. If local bwrap does not support --argv0, Codex should either:
Actual Behavior
All commands fail during sandbox initialization, so Codex cannot perform any terminal action.
What is the expected behavior?
No response
Additional information
No response