Skip to content

fix(linux-sandbox): isolate Linux sandbox synthetic mount registry per user for shared codex use case#21234

Merged
viyatb-oai merged 1 commit intomainfrom
codex/viyatb/fix-21192
May 5, 2026
Merged

fix(linux-sandbox): isolate Linux sandbox synthetic mount registry per user for shared codex use case#21234
viyatb-oai merged 1 commit intomainfrom
codex/viyatb/fix-21192

Conversation

@viyatb-oai
Copy link
Copy Markdown
Collaborator

@viyatb-oai viyatb-oai commented May 5, 2026
edited
Loading

Summary

  • make the Linux sandbox synthetic mount registry path unique per effective UID
  • keep same-user coordination intact while avoiding collisions between users sharing /tmp
  • add a regression test for the registry path contract

Why

Issue #21192 reports that the Linux sandbox currently uses one global temp path at /tmp/codex-bwrap-synthetic-mount-targets. If another user creates that directory first, later users can fail to open the shared lock file with Permission denied.

Validation

  • just fmt
  • cargo test -p codex-linux-sandbox
  • cargo clippy -p codex-linux-sandbox --all-targets

Fixes #21192

@viyatb-oai viyatb-oai changed the title [codex] isolate Linux sandbox synthetic mount registry per user fix(linux-sandbox): isolate Linux sandbox synthetic mount registry per user for shared codex use case May 5, 2026
@viyatb-oai viyatb-oai marked this pull request as ready for review May 5, 2026 20:34
@viyatb-oai viyatb-oai requested a review from evawong-oai May 5, 2026 20:34
evawong-oai
evawong-oai approved these changes May 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@evawong-oai evawong-oai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed the small Linux sandbox diff. It keeps registry coordination per effective UID and has focused CI coverage.

@viyatb-oai viyatb-oai enabled auto-merge (squash) May 5, 2026 20:37
@viyatb-oai viyatb-oai merged commit 9cbef24 into main May 5, 2026
26 checks passed
@viyatb-oai viyatb-oai deleted the codex/viyatb/fix-21192 branch May 5, 2026 20:43
@github-actions github-actions Bot locked and limited conversation to collaborators May 5, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@evawong-oai evawong-oai evawong-oai approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Linux sandbox (bubblewrap) uses non-unique temp registry path, breaking multi-user /tmp

2 participants

@viyatb-oai @evawong-oai