Files
codex/codex-cli
T
Michael Bolin 40460faf2a fix: tighten up check for /usr/bin/sandbox-exec (#710)
* In both TypeScript and Rust, we now invoke `/usr/bin/sandbox-exec`
explicitly rather than whatever `sandbox-exec` happens to be on the
`PATH`.
* Changed `isSandboxExecAvailable` to use `access()` rather than
`command -v` so that:
  *  We only do the check once over the lifetime of the Codex process.
  * The check is specific to `/usr/bin/sandbox-exec`.
* We now do a syscall rather than incur the overhead of spawning a
process, dealing with timeouts, etc.

I think there is still room for improvement here where we should move
the `isSandboxExecAvailable` check earlier in the CLI, ideally right
after we do arg parsing to verify that we can provide the Seatbelt
sandbox if that is what the user has requested.
40460faf2a ยท 2025-04-28 13:42:04 -07:00
History
..
2025-04-26 10:13:30 -07:00
2025-04-16 12:56:08 -04:00
2025-04-16 12:56:08 -04:00
2025-04-17 07:18:43 -07:00
2025-04-16 12:56:08 -04:00
2025-04-16 12:56:08 -04:00