move cap_sid file into ~/.codex so the sandbox cannot overwrite it #6798
iceweasel-oai merged 3 commits into main from
@codex review
The `cap_sid` file contains the IDs of the two custom SIDs that the Windows sandbox creates/manages to implement read-only and workspace-write sandbox policies.

It previously lived in `<cwd>/.codex` which means that the sandbox could write to it, which could degrade the efficacy of the sandbox. This change moves it to `~/.codex/` (or wherever `CODEX_HOME` points to) so that it is outside the workspace.
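An added example, not code from this PR or the Codex repository, of the placement rule the description states: resolve the `cap_sid` location from `CODEX_HOME` or `~/.codex`, then refuse it if it still falls inside the workspace. The function names, the sample paths, and the decision to reject a `CODEX_HOME` that points into the workspace are assumptions made for illustration.

```rust
use std::path::{Component, Path, PathBuf};

/// Lexically resolve `.` and `..` so `workspace/../x` compares correctly.
/// Assumption: lexical only; symlinks, junctions and case-insensitive
/// filesystems are not handled here.
fn normalize(p: &Path) -> PathBuf {
    let mut out = PathBuf::new();
    for c in p.components() {
        match c {
            Component::CurDir => {}
            Component::ParentDir => { out.pop(); }
            other => out.push(other.as_os_str()),
        }
    }
    out
}

/// CODEX_HOME when set and non-empty, otherwise <user_home>/.codex.
fn codex_home(codex_home_env: Option<&str>, user_home: &Path) -> PathBuf {
    match codex_home_env {
        Some(v) if !v.is_empty() => PathBuf::from(v),
        _ => user_home.join(".codex"),
    }
}

/// Where cap_sid should live, or an error if that location is inside the
/// workspace, where a workspace-write sandbox policy could modify it.
fn cap_sid_path(env: Option<&str>, user_home: &Path, workspace: &Path) -> Result<PathBuf, String> {
    let path = normalize(&codex_home(env, user_home).join("cap_sid"));
    let ws = normalize(workspace);
    if path.starts_with(&ws) {
        return Err(format!("{} is inside workspace {}", path.display(), ws.display()));
    }
    Ok(path)
}

fn main() {
    // Constructed sample paths, not taken from the PR.
    let home = Path::new("/home/alice");
    let ws = Path::new("/home/alice/src/project");
    println!("{:?}", cap_sid_path(None, home, ws));
    println!("{:?}", cap_sid_path(Some("/home/alice/src/project/.codex"), home, ws));
    println!("{:?}", cap_sid_path(None, home, home)); // workspace is the home directory
}
```

The last case shows that the default location is only outside the workspace when the workspace is not the home directory itself.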