Enforce workspace metadata protections in Linux sandbox#19852
Merged
evawong-oai merged 3 commits intomainfrom Apr 29, 2026
Merged
Enforce workspace metadata protections in Linux sandbox#19852evawong-oai merged 3 commits intomainfrom
evawong-oai merged 3 commits intomainfrom
Conversation
This was referenced Apr 27, 2026
evawong-oai
force-pushed
the
codex/bugb15632-runtime-permissions
branch
from
f23239c to
2e4f779
Compare
evawong-oai
force-pushed
the
codex/bugb15632_missing_protected_paths_v2
branch
2 times, most recently
from
56fd774 to
7b2a10c
Compare
evawong-oai
force-pushed
the
codex/bugb15632-runtime-permissions
branch
from
2e4f779 to
774934a
Compare
evawong-oai
force-pushed
the
codex/bugb15632_missing_protected_paths_v2
branch
from
7b2a10c to
7917f64
Compare
evawong-oai
force-pushed
the
codex/bugb15632-runtime-permissions
branch
from
774934a to
21cfe9c
Compare
evawong-oai
force-pushed
the
codex/bugb15632_missing_protected_paths_v2
branch
from
7917f64 to
fa82006
Compare
evawong-oai
force-pushed
the
codex/bugb15632-runtime-permissions
branch
from
4e95f07 to
5f6cf03
Compare
evawong-oai
force-pushed
the
codex/bugb15632_missing_protected_paths_v2
branch
2 times, most recently
from
87b8a74 to
83c8532
Compare
evawong-oai
force-pushed
the
codex/bugb15632-runtime-permissions
branch
2 times, most recently
from
a73dc93 to
f483023
Compare
evawong-oai
force-pushed
the
codex/bugb15632_missing_protected_paths_v2
branch
3 times, most recently
from
f22eea7 to
315a0c1
Compare
evawong-oai
force-pushed
the
codex/bugb15632-runtime-permissions
branch
from
f483023 to
9d4f283
Compare
evawong-oai
force-pushed
the
codex/bugb15632_missing_protected_paths_v2
branch
from
315a0c1 to
684fe6f
Compare
evawong-oai
force-pushed
the
codex/bugb15632-runtime-permissions
branch
from
9d4f283 to
4db4407
Compare
evawong-oai
force-pushed
the
codex/bugb15632_missing_protected_paths_v2
branch
2 times, most recently
from
4c3c7d4 to
b544225
Compare
evawong-oai
force-pushed
the
codex/bugb15632-runtime-permissions
branch
from
4db4407 to
e8365c7
Compare
evawong-oai
force-pushed
the
codex/bugb15632_missing_protected_paths_v2
branch
from
b544225 to
9125e97
Compare
evawong-oai
changed the title
evawong-oai
force-pushed
the
codex/bugb15632_missing_protected_paths_v2
branch
from
9125e97 to
8cf7592
Compare
evawong-oai
force-pushed
the
codex/bugb15632_missing_protected_paths_v2
branch
from
372c9e0 to
619bea4
Compare
evawong-oai
changed the base branch from
codex/bugb15632-runtime-permissions
to
main
evawong-oai
force-pushed
the
codex/bugb15632_missing_protected_paths_v2
branch
16 times, most recently
from
7c52dc9 to
3a3b71b
Compare
evawong-oai
force-pushed
the
codex/bugb15632_missing_protected_paths_v2
branch
from
3a3b71b to
ca4b5c6
Compare
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ca4b5c6387
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
viyatb-oai
reviewed
Apr 29, 2026
viyatb-oai
approved these changes
Apr 29, 2026
Contributor
Author
|
Thanks. I am keeping this PR scoped to the Linux sandbox protection fix. A follow up cleanup PR will modularize the bwrap code so this logic is easier to review and maintain. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Enforce FileSystemSandboxPolicy protected metadata names in the Linux bubblewrap adapter so
.git,.agents, and.codexremain read only inside writable workspace roots unless the policy grants an explicit write carveout.Scope
.git,.agents, or.codexunder writable roots.Not in scope
Reviewer focus
FileSystemSandboxPolicyis the source of truth for.git,.agents, and.codex.Validation
git diffwhitespace check passed.cargo fmtcheck passed with the existing stable rustfmt warning aboutimports_granularity.012accb703c13bd28df5b40079a9bf183036336a.just c sandbox linux.