diff --git a/codex-rs/exec-server/tests/suite/mod.rs b/codex-rs/exec-server/tests/suite/mod.rs
index 3a94f58579e0..397a4a6f2bf5 100644
--- a/codex-rs/exec-server/tests/suite/mod.rs
+++ b/codex-rs/exec-server/tests/suite/mod.rs
@@ -1,8 +1,4 @@
-// TODO(mbolin): Get this test working on Linux. Currently, it fails with:
-//
-// > Error: Mcp error: -32603: sandbox error: sandbox denied exec error,
-// > exit code: 1, stdout: , stderr: Error: failed to send handshake datagram
-#[cfg(all(target_os = "macos", target_arch = "aarch64"))]
+#[cfg(any(all(target_os = "macos", target_arch = "aarch64"), target_os = "linux"))]
 mod accept_elicitation;
 #[cfg(any(all(target_os = "macos", target_arch = "aarch64"), target_os = "linux"))]
 mod list_tools;
diff --git a/codex-rs/linux-sandbox/src/landlock.rs b/codex-rs/linux-sandbox/src/landlock.rs
index 5bc96130dda3..119d859b26f0 100644
--- a/codex-rs/linux-sandbox/src/landlock.rs
+++ b/codex-rs/linux-sandbox/src/landlock.rs
@@ -102,12 +102,10 @@ fn install_network_seccomp_filter_on_current_thread() -> std::result::Result<(),
     deny_syscall(libc::SYS_getsockname);
     deny_syscall(libc::SYS_shutdown);
     deny_syscall(libc::SYS_sendto);
-    deny_syscall(libc::SYS_sendmsg);
     deny_syscall(libc::SYS_sendmmsg);
     // NOTE: allowing recvfrom allows some tools like: `cargo clippy` to run
     // with their socketpair + child processes for sub-proc management
     // deny_syscall(libc::SYS_recvfrom);
-    deny_syscall(libc::SYS_recvmsg);
     deny_syscall(libc::SYS_recvmmsg);
     deny_syscall(libc::SYS_getsockopt);
     deny_syscall(libc::SYS_setsockopt);