codex-home is passed via environment variables of subprocess.spawn.
|
const child = spawn(program, command, { |
|
env, |
|
stdio: ["pipe", "inherit", "inherit"], |
|
}); |
However, if safety-strategy: unprivileged-user is set, the command is prefixed with sudo -u ${codexUser} --:
|
command.push("sudo", "-u", codexUser, "--"); |
The problem is, sudo does not pass enviroment variables unless -E(--preserve-env) flag is set.
This causes configuration mismatch, usually leading to 401 Unauthorized because proxy config is not applied:
ERROR codex_api::endpoint::responses_websocket: failed to connect to websocket: HTTP error: 401 Unauthorized, url: wss://api.openai.com/v1/responses
...
ERROR: Reconnecting... 5/5
ERROR: unexpected status 401 Unauthorized: Missing bearer or basic authentication in header, url: https://api.openai.com/v1/responses, cf-ray: ..., request id: ...
codex-homeis passed via environment variables ofsubprocess.spawn.codex-action/src/runCodexExec.ts
Lines 167 to 170 in e0fdf01
However, if
safety-strategy: unprivileged-useris set, the command is prefixed withsudo -u ${codexUser} --:codex-action/src/runCodexExec.ts
Line 117 in e0fdf01
The problem is,
sudodoes not pass enviroment variables unless-E(--preserve-env) flag is set.This causes configuration mismatch, usually leading to
401 Unauthorizedbecause proxy config is not applied: