Enforce workspace metadata protections in Linux sandbox #19852

Draft
evawong-oai wants to merge 1 commit into codex/bugb15632-runtime-permissions from codex/bugb15632_missing_protected_paths_v2

Conversation

evawong-oai (Contributor) commented Apr 27, 2026

Summary

Teach Linux bubblewrap to enforce protected workspace metadata names so writable roots cannot create or replace .git, .codex, or .agents unless user policy explicitly allows it.

Scope

  1. Convert protected metadata names into protected create targets for writable roots.
  2. Keep bind mount targets valid while masking missing metadata paths.
  3. Add Linux sandbox launcher coverage for first time metadata path creation, explicit carveouts, and normal git operations.

Reviewer Focus

  1. This PR only covers Linux bubblewrap enforcement.
  2. Policy shape is introduced in Add workspace metadata protection policy primitive #19846.
  3. macOS enforcement is handled separately in Enforce workspace metadata protections in Seatbelt #19847.
  4. Normal git operations should still work when git metadata already exists.

Stack

  1. Policy primitive: Add workspace metadata protection policy primitive #19846
  2. macOS Seatbelt enforcement: Enforce workspace metadata protections in Seatbelt #19847
  3. Shell preflight UX: Add workspace metadata shell preflight #19848
  4. Runtime permission propagation: Propagate runtime permission profiles #19849
  5. Linux bubblewrap enforcement: this PR

Validation

  1. cargo test --manifest-path codex-rs/Cargo.toml -p codex-linux-sandbox bwrap
  2. cargo check --manifest-path codex-rs/Cargo.toml -p codex-cli -p codex-core
  3. cargo fmt --manifest-path codex-rs/Cargo.toml --package codex-linux-sandbox
  4. git diff --check
  5. Forty-six devbox cases passed on the earlier stacked head using the just c harness. Not rerun after this terminology-only rewrite yet.
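The pin-versus-mask split that the Scope list describes, as an added Python illustration (not codex's own code): an existing metadata directory is bind-mounted over itself so it stays writable for normal git operations but, being a mount point, cannot be removed or renamed away, a missing one is occupied by an empty read-only tmpfs so it cannot be created, and policy carveouts are left untouched. The bwrap flags are real; the tmpfs masking choice and the names protected_bwrap_args, existing_paths and carveouts are assumptions, since this page does not show the PR's actual mechanism.

```python
"""Constructed illustration (not codex's own code) of turning protected
workspace metadata names into bubblewrap mount arguments for writable roots."""
from pathlib import PurePosixPath

# Names quoted in the PR summary.
PROTECTED_NAMES = (".git", ".codex", ".agents")


def protected_bwrap_args(writable_roots, existing_paths, carveouts=(),
                         protected_names=PROTECTED_NAMES):
    """Return a bwrap argument list for the given writable roots.

    existing_paths: host paths that currently exist (passed in rather than
        probed with os.path.exists so the function is pure and testable).
    carveouts: protected paths the user policy explicitly allows creating
        or replacing (assumed shape of the policy carveout).
    """
    existing = {str(PurePosixPath(p)) for p in existing_paths}
    allowed = {str(PurePosixPath(p)) for p in carveouts}
    args = []
    for root in writable_roots:
        root = str(PurePosixPath(root))
        args += ["--bind", root, root]  # the writable root itself
        for name in protected_names:
            target = str(PurePosixPath(root) / name)
            if target in allowed:
                continue  # explicit carveout: leave it creatable/replaceable
            if target in existing:
                # Pin: a writable bind mount over itself keeps git commit etc.
                # working, but a mount point cannot be rmdir'ed or renamed
                # away, so the directory cannot be replaced wholesale.
                args += ["--bind", target, target]
            else:
                # Mask (assumed mechanism): an empty read-only tmpfs occupies
                # the name, so mkdir/creat/rename onto it fail in the sandbox.
                # bwrap creates a missing mount point itself; keeping that
                # target valid is the part of the PR this page does not show.
                args += ["--tmpfs", target, "--remount-ro", target]
    return args


if __name__ == "__main__":
    import shlex
    demo = protected_bwrap_args(["/work/repo"], {"/work/repo/.git"},
                                carveouts=["/work/repo/.codex"])
    print("bwrap", shlex.join(demo), "-- git status")
```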

evawong-oai force-pushed the codex/bugb15632-runtime-permissions branch from f23239c to 2e4f779 (April 27, 2026 18:32)
evawong-oai force-pushed the codex/bugb15632_missing_protected_paths_v2 branch 2 times, most recently from 56fd774 to 7b2a10c (April 27, 2026 18:40)
evawong-oai force-pushed the codex/bugb15632-runtime-permissions branch from 2e4f779 to 774934a (April 27, 2026 18:40)
evawong-oai force-pushed the codex/bugb15632_missing_protected_paths_v2 branch from 7b2a10c to 7917f64 (April 27, 2026 18:55)
evawong-oai force-pushed the codex/bugb15632-runtime-permissions branch from 774934a to 21cfe9c (April 27, 2026 18:55)
evawong-oai force-pushed the codex/bugb15632_missing_protected_paths_v2 branch from 7917f64 to fa82006 (April 27, 2026 19:07)
evawong-oai force-pushed the codex/bugb15632-runtime-permissions branch from 4e95f07 to 5f6cf03 (April 27, 2026 19:49)
evawong-oai force-pushed the codex/bugb15632_missing_protected_paths_v2 branch 2 times, most recently from 87b8a74 to 83c8532 (April 27, 2026 20:52)
evawong-oai force-pushed the codex/bugb15632-runtime-permissions branch 2 times, most recently from a73dc93 to f483023 (April 27, 2026 21:14)
evawong-oai force-pushed the codex/bugb15632_missing_protected_paths_v2 branch 3 times, most recently from f22eea7 to 315a0c1 (April 27, 2026 21:32)
evawong-oai force-pushed the codex/bugb15632-runtime-permissions branch from f483023 to 9d4f283 (April 27, 2026 22:22)
evawong-oai force-pushed the codex/bugb15632_missing_protected_paths_v2 branch from 315a0c1 to 684fe6f (April 27, 2026 22:22)
evawong-oai force-pushed the codex/bugb15632-runtime-permissions branch from 9d4f283 to 4db4407 (April 28, 2026 00:10)
evawong-oai force-pushed the codex/bugb15632_missing_protected_paths_v2 branch 2 times, most recently from 4c3c7d4 to b544225 (April 28, 2026 00:17)
evawong-oai force-pushed the codex/bugb15632-runtime-permissions branch from 4db4407 to e8365c7 (April 28, 2026 01:10)
evawong-oai force-pushed the codex/bugb15632_missing_protected_paths_v2 branch from b544225 to 9125e97 (April 28, 2026 01:10)
evawong-oai changed the title from "Enforce preserved path names in Linux sandbox" to "Enforce workspace metadata protections in Linux sandbox" (Apr 28, 2026)