mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
Run exec-server fs operations through sandbox helper (#17294)
## Summary - run exec-server filesystem RPCs requiring sandboxing through a `codex-fs` arg0 helper over stdin/stdout - keep direct local filesystem execution for `DangerFullAccess` and external sandbox policies - remove the standalone exec-server binary path in favor of top-level arg0 dispatch/runtime paths - add sandbox escape regression coverage for local and remote filesystem paths ## Validation - `just fmt` - `git diff --check` - remote devbox: `cd codex-rs && bazel test --bes_backend= --bes_results_url= //codex-rs/exec-server:all` (6/6 passed) --------- Co-authored-by: Codex <noreply@openai.com>
This commit is contained in:
committed by
GitHub
Unverified
parent
7c1e41c8b6
commit
d626dc3895
@@ -105,10 +105,10 @@ remote_repo_root="$HOME/code/codex-sync"
|
||||
remote_codex_rs="$remote_repo_root/codex-rs"
|
||||
|
||||
cd "${remote_codex_rs}"
|
||||
cargo build -p codex-exec-server --bin codex-exec-server
|
||||
cargo build -p codex-cli --bin codex
|
||||
|
||||
rm -f "${remote_exec_server_log_path}" "${remote_exec_server_pid_path}"
|
||||
nohup ./target/debug/codex-exec-server --listen ws://127.0.0.1:0 \
|
||||
nohup ./target/debug/codex exec-server --listen ws://127.0.0.1:0 \
|
||||
>"${remote_exec_server_log_path}" 2>&1 &
|
||||
remote_exec_server_pid="$!"
|
||||
echo "${remote_exec_server_pid}" >"${remote_exec_server_pid_path}"
|
||||
|
||||
Reference in New Issue
Block a user