
ripgrep operation not permitted

Open aehlke opened this issue 2 months ago • 10 comments

What version of Codex is running?

0.42.0

Which model were you using?

No response

What platform is your computer?

No response

What steps can reproduce the bug?

I get this error when codex tries to use rg:

• Ran zsh -lc 'rg "tabSelection = .reader" -n'
  └ /opt/homebrew/Homebrew/Library/Homebrew/cmd/shellenv.sh: line 18: /bin/ps: Operation not permitted

Something in my environment must be breaking this. Please advise... not sure how to debug this.

What is the expected behavior?

No response

What do you see instead?

No response

Additional information

No response

aehlke avatar Oct 02 '25 18:10 aehlke

I see "/bin/ps: Operation not permitted" (shellenv.sh: line 18: /bin/ps: Operation not permitted) on any command, not just rg. NB: the command succeeds, but the model sees the error and comments on it.

I think it's because shellenv.sh is in .zprofile:

❯ cat ~/.zprofile
eval "$(/opt/homebrew/bin/brew shellenv)"

And zsh runs inside the sandbox, which doesn't allow ps

tekumara avatar Oct 03 '25 09:10 tekumara

I use GNU bash as the shell and have the same problem. This worked for me:

# eval $(/opt/homebrew/bin/brew shellenv)
eval $(/opt/homebrew/bin/brew shellenv bash)

Steps to reproduce:

$ codex
▌ run 'echo $PATH'

xab3r avatar Oct 04 '25 09:10 xab3r

Thanks @xab3r that avoids running /bin/ps here and worked for me!

tekumara avatar Oct 04 '25 09:10 tekumara
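
The check below is an added example, not code from the thread or from the Codex or Homebrew projects. It lists shell profile lines that call brew shellenv without a shell name, the form that triggers the /bin/ps call discussed above. The list of accepted shell names, the function names and the sample profile contents are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: list profile lines that call `brew shellenv` with no shell
# name. Per the thread, that form makes shellenv.sh run /bin/ps, which the
# sandbox denies; `brew shellenv bash` avoids the call.

# Shell names treated as explicit arguments (an assumption of this example).
KNOWN_SHELLS='bash|zsh|fish|sh|csh|tcsh|pwsh'

# audit_brew_shellenv FILE...
# Prints FILE:LINE:TEXT per finding and returns 1 if there was any.
# Comment lines are skipped; guards such as `[[ $- == *i* ]]` are not analysed.
audit_brew_shellenv() {
  local file hits hit status=0
  for file in "$@"; do
    [ -r "$file" ] || continue
    hits=$(grep -nE 'brew[[:space:]]+shellenv' "$file" \
      | grep -vE '^[0-9]+:[[:space:]]*#' \
      | grep -vE "brew[[:space:]]+shellenv[[:space:]]+($KNOWN_SHELLS)([^[:alnum:]_-]|\$)") || true
    if [ -n "$hits" ]; then
      printf '%s\n' "$hits" | while IFS= read -r hit; do
        printf '%s:%s\n' "$file" "$hit"
      done
      status=1
    fi
  done
  return "$status"
}

# Constructed sample profiles modelled on the snippets quoted in the thread.
write_samples() {
  printf '%s\n' 'eval "$(/opt/homebrew/bin/brew shellenv)"' > "$1/zprofile"
  printf '%s\n' '# eval $(/opt/homebrew/bin/brew shellenv)' \
    'eval $(/opt/homebrew/bin/brew shellenv bash)' > "$1/bash_profile"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_brew_shellenv "$demo_dir/zprofile" "$demo_dir/bash_profile" || true
rm -rf "$demo_dir"
```

Run it against the profiles a login shell sources, for example audit_brew_shellenv ~/.zprofile ~/.bash_profile.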

> I use GNU bash as the shell and have the same problem. This worked for me:

Sorry I am a bit dumb - what do you do with this eval?

edit: Oh, put it in zprofile

aehlke avatar Oct 10 '25 17:10 aehlke

> I use GNU bash as the shell and have the same problem. This worked for me:
>
> eval $(/opt/homebrew/bin/brew shellenv bash)

Thank you @xab3r, this is working for me as well. My default shell is fish, but adding those instructions to .bash_profile solved a problem.

skovtunenko avatar Oct 28 '25 23:10 skovtunenko

Alternatively, get the path of codex, for example:

which codex
/opt/homebrew/bin/codex

On macOS, System Settings -> Privacy & Security -> Full Disk Access, select +, add the codex binary file:


songkeys avatar Nov 04 '25 15:11 songkeys

I worked around this by replacing the existing shellenv eval with this in .zprofile:

# Only run Homebrew shellenv in interactive shells,
# and only if brew actually exists.
if [[ $- == *i* ]] && [[ -x /opt/homebrew/bin/brew ]]; then
  eval "$(/opt/homebrew/bin/brew shellenv)"
fi

So far seems to be working for me.

GringoDotDev avatar Nov 20 '25 19:11 GringoDotDev

> I worked around this by replacing the existing shellenv eval with this in .zprofile:
>
> # Only run Homebrew shellenv in interactive shells,
> # and only if brew actually exists.
> if [[ $- == *i* ]] && [[ -x /opt/homebrew/bin/brew ]]; then
>   eval "$(/opt/homebrew/bin/brew shellenv)"
> fi
>
> So far seems to be working for me.

@GringoDotDev Thank you. I was saved by your content.

ishibashi-futos avatar Nov 21 '25 05:11 ishibashi-futos

I think this is something codex developers should fix, any workaround in this area is just a patch.

iagooar avatar Nov 30 '25 17:11 iagooar

> Alternatively, get the path of codex, for example:
>
> which codex
> /opt/homebrew/bin/codex
>
> On macOS, System Settings -> Privacy & Security -> Full Disk Access, select +, add the codex binary file:


In fact, I was unable to add it successfully on my macOS version (26.1).

vaspike avatar Dec 03 '25 01:12 vaspike