
Enforce preserved path names in Linux sandbox #19852 (Draft)

evawong-oai wants to merge 1 commit into codex/bugb15632-runtime-permissions from codex/bugb15632_missing_protected_paths_v2

Conversation

evawong-oai (Contributor) commented Apr 27, 2026

Summary

Teach Linux bubblewrap to enforce preserved path names so writable roots cannot create or replace .git, .codex, or .agents unless user policy explicitly allows it.

Scope

  1. Convert preserved path names into protected create targets for writable roots.
  2. Keep bind mount targets valid while masking missing reserved paths.
  3. Add Linux sandbox launcher coverage for first-time creation, explicit carve-outs, and normal git operations.

Reviewer Focus

  1. This PR only covers Linux bubblewrap enforcement.
  2. Policy shape is introduced in Add preserved path policy primitive #19846.
  3. macOS enforcement is handled separately in Enforce preserved path names in Seatbelt #19847.
  4. Normal git operations should still work when git metadata already exists.

Stack

  1. Policy primitive: Add preserved path policy primitive #19846
  2. macOS Seatbelt enforcement: Enforce preserved path names in Seatbelt #19847
  3. Shell preflight: Add preserved path shell preflight #19848
  4. Runtime permission propagation: Propagate runtime permission profiles #19849
  5. Linux bubblewrap enforcement: this PR

Validation

  1. Linux sandbox crate compiled locally on macOS.
  2. Focused protocol preserved path test passed locally after the latest main catch-up.
  3. CLI and core compile check passed locally after the latest main catch-up.
  4. Formatter passed locally.
  5. Forty-six devbox cases passed on the stacked head using the `just c` harness.
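The Scope list above describes a planner: for every writable root, each preserved name becomes either a protected create target (when the path is missing and must be masked), a protected replace target (when the path already exists and must stay a valid bind mount target), or an allowed path (when user policy explicitly carves it out). The Rust below is an added illustration of that decision logic and is not code from the Codex repository or from this PR; the `Protection` variants, the `PreservedPathPolicy` shape, the injected `exists` probe and the `is_blocked` check are all assumptions made for this example. The bubblewrap arguments that would implement each decision are deliberately left out, since the PR text does not describe them.

```rust
use std::collections::BTreeSet;
use std::path::{Path, PathBuf};

/// The names the PR summary says a writable root must not create or replace
/// unless user policy explicitly allows it.
pub const PRESERVED_NAMES: [&str; 3] = [".git", ".codex", ".agents"];

/// One decision per (writable root, preserved name). The variant names are
/// assumptions made for this example, not the project's types.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Protection {
    /// User policy explicitly carves this path out: create/replace is allowed.
    Allowed(PathBuf),
    /// The path already exists on the host, so it stays a valid bind mount
    /// target; only replacing the entry itself is refused. Writes inside it
    /// (normal git operations on existing metadata) are not.
    ProtectExisting(PathBuf),
    /// The path is missing, so the name is masked: first-time creation from
    /// inside the sandbox is refused.
    MaskMissing(PathBuf),
}

/// Hypothetical policy shape: absolute paths the user has explicitly allowed.
pub struct PreservedPathPolicy {
    pub carveouts: BTreeSet<PathBuf>,
}

/// Turn preserved names into protected create/replace targets for every
/// writable root. `exists` is injected so the planner can be exercised without
/// touching the real filesystem.
pub fn plan_protections(
    writable_roots: &[PathBuf],
    policy: &PreservedPathPolicy,
    exists: &dyn Fn(&Path) -> bool,
) -> Vec<Protection> {
    let mut plan = Vec::with_capacity(writable_roots.len() * PRESERVED_NAMES.len());
    for root in writable_roots {
        for name in PRESERVED_NAMES {
            let target = root.join(name);
            let decision = if policy.carveouts.contains(&target) {
                Protection::Allowed(target)
            } else if exists(&target) {
                Protection::ProtectExisting(target)
            } else {
                Protection::MaskMissing(target)
            };
            plan.push(decision);
        }
    }
    plan
}

/// Would creating or replacing `candidate` be refused under `plan`?
/// Only the preserved entry itself is protected; paths below an existing
/// entry (for example `.git/index`) are left alone so git keeps working.
pub fn is_blocked(plan: &[Protection], candidate: &Path) -> bool {
    plan.iter().any(|decision| match decision {
        Protection::Allowed(_) => false,
        Protection::ProtectExisting(target) | Protection::MaskMissing(target) => {
            candidate == target.as_path()
        }
    })
}

fn main() {
    // Constructed scenario: one writable root, `.agents` carved out by policy,
    // existence decided by the real filesystem of the machine this runs on.
    let roots = vec![PathBuf::from("/tmp/example-workspace")];
    let mut carveouts = BTreeSet::new();
    carveouts.insert(PathBuf::from("/tmp/example-workspace/.agents"));
    let policy = PreservedPathPolicy { carveouts };
    let exists = |p: &Path| p.exists();

    for decision in plan_protections(&roots, &policy, &exists) {
        println!("{decision:?}");
    }
}
```

The design choice worth noting is that `is_blocked` matches the preserved entry exactly rather than by prefix: masking `.git` when it is missing stops a sandboxed process from introducing git metadata for the first time, while an existing `.git` is only protected against being replaced, which is what keeps the "normal git operations should still work" requirement in the Reviewer Focus list satisfiable.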

evawong-oai force-pushed the codex/bugb15632-runtime-permissions branch from f23239c to 2e4f779 (April 27, 2026 18:32)
evawong-oai force-pushed the codex/bugb15632_missing_protected_paths_v2 branch 2 times, most recently from 56fd774 to 7b2a10c (April 27, 2026 18:40)
evawong-oai force-pushed the codex/bugb15632-runtime-permissions branch from 2e4f779 to 774934a (April 27, 2026 18:40)
evawong-oai force-pushed the codex/bugb15632_missing_protected_paths_v2 branch from 7b2a10c to 7917f64 (April 27, 2026 18:55)
evawong-oai force-pushed the codex/bugb15632-runtime-permissions branch from 774934a to 21cfe9c (April 27, 2026 18:55)
evawong-oai force-pushed the codex/bugb15632_missing_protected_paths_v2 branch from 7917f64 to fa82006 (April 27, 2026 19:07)
evawong-oai force-pushed the codex/bugb15632-runtime-permissions branch from 4e95f07 to 5f6cf03 (April 27, 2026 19:49)
evawong-oai force-pushed the codex/bugb15632_missing_protected_paths_v2 branch 2 times, most recently from 87b8a74 to 83c8532 (April 27, 2026 20:52)
evawong-oai force-pushed the codex/bugb15632-runtime-permissions branch 2 times, most recently from a73dc93 to f483023 (April 27, 2026 21:14)
evawong-oai force-pushed the codex/bugb15632_missing_protected_paths_v2 branch 3 times, most recently from f22eea7 to 315a0c1 (April 27, 2026 21:32)
evawong-oai force-pushed the codex/bugb15632-runtime-permissions branch from f483023 to 9d4f283 (April 27, 2026 22:22)
evawong-oai force-pushed the codex/bugb15632_missing_protected_paths_v2 branch from 315a0c1 to 684fe6f (April 27, 2026 22:22)