@@ -256,6 +256,7 @@ fn create_filesystem_args(
256256 writable_roots. push ( WritableRoot {
257257 root : AbsolutePathBuf :: from_absolute_path ( "/" ) ?,
258258 read_only_subpaths : Vec :: new ( ) ,
259+ preserved_path_names : Vec :: new ( ) ,
259260 } ) ;
260261 }
261262 let mut unreadable_roots = file_system_sandbox_policy
@@ -1425,9 +1426,15 @@ mod tests {
14251426 "--bind" . to_string( ) ,
14261427 "/" . to_string( ) ,
14271428 "/" . to_string( ) ,
1428- // Mask the default protected .codex subpath under that writable
1429- // root. Because the root is `/` in this test, the carveout path
1430- // appears as `/.codex`.
1429+ // Mask the default preserved path names under the writable root.
1430+ // Because the root is `/` in this test, these carveout paths
1431+ // appear directly below `/`.
1432+ "--ro-bind" . to_string( ) ,
1433+ "/dev/null" . to_string( ) ,
1434+ "/.git" . to_string( ) ,
1435+ "--ro-bind" . to_string( ) ,
1436+ "/dev/null" . to_string( ) ,
1437+ "/.agents" . to_string( ) ,
14311438 "--ro-bind" . to_string( ) ,
14321439 "/dev/null" . to_string( ) ,
14331440 "/.codex" . to_string( ) ,
@@ -1436,6 +1443,17 @@ mod tests {
14361443 "--bind" . to_string( ) ,
14371444 "/dev" . to_string( ) ,
14381445 "/dev" . to_string( ) ,
1446+ // Then mask the preserved names that would otherwise be
1447+ // creatable below the writable /dev bind.
1448+ "--ro-bind" . to_string( ) ,
1449+ "/dev/null" . to_string( ) ,
1450+ "/dev/.git" . to_string( ) ,
1451+ "--ro-bind" . to_string( ) ,
1452+ "/dev/null" . to_string( ) ,
1453+ "/dev/.agents" . to_string( ) ,
1454+ "--ro-bind" . to_string( ) ,
1455+ "/dev/null" . to_string( ) ,
1456+ "/dev/.codex" . to_string( ) ,
14391457 ]
14401458 ) ;
14411459 }
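Review bot: In the first hunk (line 259 of create_filesystem_args, whose body starts and ends outside the hunk), the `/` WritableRoot is pushed with `preserved_path_names: Vec::new()`, so none of the `.git`/`.agents`/`.codex` masks exercised by the tests apply on that branch; if that is deliberate for a full-access root, it deserves a comment, e.g. `// Full-access root: preserved names are intentionally not masked here.` — otherwise this looks like the one writable root that escapes the carveout. The two test hunks pin the mask order as `.git`, `.agents`, `.codex` by spelling each `--ro-bind /dev/null <root>/<name>` triple out literally; if the names come from a shared constant, building the expected triples from that constant would keep the test from breaking on a reorder. Note also that the masks cover only the top level of each writable root (`/.git`, `/dev/.git`), which matches the comment "creatable below the writable /dev bind" but is worth stating in the bind-construction code's doc comment so readers do not assume nested paths are masked too.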