openai
panic due to sandbox. error running landlock: Sandbox(LandlockRestrict)
What version of Codex is running?
codex-cli 0.21.0
Which model were you using?
gpt-5
What platform is your computer?
Linux 6.14.8-asahi aarch64 unknown
What steps can reproduce the bug?
Note: I am on NixOS, my config is here
simply doing /init in codex triggers numerous of these prompts.
What is the expected behavior?
codex should be able to apply diffs.
What do you see instead?
No response
Additional information
No response
note: it worked after I ran it as codex -s workspace-write. But I don't know why it failed originally. I did accept all requests to allow it to execute commands.
Getting this within NixOS as well.
Output of uname -mprs is Linux 6.6.97+ x86_64 unknown
Same problem on Ubuntu
Linux 5.14.0-427.76.1.el9_4.x86_64 x86_64 x86_64
Root cause/solution in #3140, tl;dr: Missing landlock in the Linux kernel, install or build a kernel with CONFIG_SECURITY_LANDLOCK=y
Getting this problem as well. Building a kernel seems not possible since I dont have root on the machine I use
Codex should probably be (a lot) clearer about landlock being required for sandboxing to work, and should check if the sandbox works before running.
@adrianmihalko From what I can tell/from what google tells me, Debian has refused to support Landlock since 2022 with no explanation why, seemingly with no mention of it since. Almost every other distro supports it out of the box by default. I doubt Codex is planning to completely redo its sandboxing using some other method, so your (and anyone else's running into this issue) options are:
- Convince Debian to ship a landlock-enabled kernel;
- Build your own landlock-enabled kernel
- Use pretty much any other modern distro (even EL supports it ootb)
- Disable sandboxing entirely. Codex will run fine if you disable sandboxing/enable full read/write, but it will be able to touch your entire system in any way it wants, so it is a non-trivial risk.
In my view, Landlock isn't a good selection due to its limited adoption. My development environment, for example, is a docker container, but I don't have visibility into the underlying cluster infrastructure, nor can I propose adaptation measures to the appropriate team
Same problem on a custom Linux with codex 0.58
$ codex --sandbox workspace-write --ask-for-approval never
› can you confirm you can execute commands based on the sandbox that is configured for this folder
• I’ll quickly run pwd, list files, and create/remove a temp file to confirm command execution and write access here.
• Ran set -euo pipefail
│ printf 'CWD: '
│ pwd
│ … +8 lines
└
thread 'main' panicked at linux-sandbox/src/linux_run_main.rs:30:9:
error running landlock: Sandbox(LandlockRestrict)
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
─ Worked for 36s ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
• I tried running basic commands, but command execution is blocked here. The sandbox failed with: “error running landlock: Sandbox(LandlockRestrict)”, so even simple
reads like pwd/ls didn’t run.
- Current status: I can’t execute shell commands in this environment.
- What I can do: read and edit files via patches; review code; propose changes.
- To enable commands: rerun with a mode that allows execution (e.g., disable Landlock, switch sandbox to danger-full-access, or allow escalated/unsandboxed
commands).
OK so https://github.com/openai/codex/issues/2267#issuecomment-3338689060 is helpful... but not sure why in my case my kernel says it has landlock but I still get the error above then:
$ uname -r
6.12.0-104.43.4.2.el9uek.x86_64
$ grep LANDLOCK /boot/config-$(uname -r)
CONFIG_SECURITY_LANDLOCK=y
@saidelike If your kernel has built-in config (/proc/config.gz) check it just in case.
