
all commands in sandbox mode fail and need approval

Open phynias opened this issue 3 months ago • 1 comments

What version of Codex is running?

codex-cli 0.27.0

Which model were you using?

gpt-5

What platform is your computer?

ubuntu devcontainer

What steps can reproduce the bug?

I am starting codex with codex --full-auto -C /workspace/pixelot --search, but every edit fails with:

thread 'main' panicked at linux-sandbox/src/linux_run_main.rs:28:9:
error running landlock: Sandbox(LandlockRestrict)
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

? Codex wants to run rg -n "Sidebar.tsx$|Popular Communities|AtSign|community" -S src -g '!/node_modules/'

command failed; retry without sandbox?

▌Allow command? ▌ Yes Always No, provide feedback

It does this for pretty much any command in the workspace. I have to OK them all.

What is the expected behavior?

No response

What do you see instead?

have commands work without having to remove the sandbox.

Additional information

No response

phynias avatar Sep 04 '25 02:09 phynias

Same issue on Gentoo linux.

MagicalTux avatar Sep 07 '25 15:09 MagicalTux

Same here

simsicon avatar Sep 09 '25 06:09 simsicon

use codex --sandbox danger-full-access --dangerously-bypass-approvals-and-sandbox

wodexiaobai322 avatar Sep 15 '25 03:09 wodexiaobai322

Same problem on Ubuntu

Linux 5.14.0-427.76.1.el9_4.x86_64 x86_64 x86_64

samuelstevens avatar Sep 17 '25 14:09 samuelstevens

So apparently Landlock was added to Codex recently, as it worked fine for me before. Obviously it's not a great idea to just disable sandboxing and give Codex full access to your entire machine, so for those who want a proper fix: Landlock is a Linux kernel feature; if you're running a non-standard/non-supported/custom/old kernel, it might not be supported. Most if not all stock distro kernels should support Landlock, but if you're running a non-standard kernel, you'll either have to switch kernel or recompile with Landlock enabled (CONFIG_SECURITY_LANDLOCK=y). After I rebuilt my kernel with CONFIG_SECURITY_LANDLOCK=y it started working without issue for me.

A clearer error message would be nice here, since it's not obvious at all what's going on here, but at least the root cause is known now.

SharkWipf avatar Sep 26 '25 13:09 SharkWipf
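An added diagnostic for the root cause described in the comment above; it is not code from this thread or from Codex. It asks the running kernel for its Landlock ABI version and checks the active LSM list. The function names are hypothetical, and the syscall number 444 assumes x86_64, arm64 or another architecture with the unified syscall numbering.

```python
import ctypes
import errno
import os

# landlock_create_ruleset(2) is syscall 444 on x86_64, arm64 and other
# architectures with the unified numbering (assumption: one of those).
SYS_LANDLOCK_CREATE_RULESET = 444
LANDLOCK_CREATE_RULESET_VERSION = 1  # flag: return highest supported ABI
LSM_PATH = "/sys/kernel/security/lsm"  # comma-separated active LSMs


def probe():
    """Ask the running kernel for its Landlock ABI; returns (ret, errno)."""
    libc = ctypes.CDLL(None, use_errno=True)
    libc.syscall.restype = ctypes.c_long
    ret = libc.syscall(ctypes.c_long(SYS_LANDLOCK_CREATE_RULESET), None,
                       ctypes.c_size_t(0),
                       ctypes.c_uint32(LANDLOCK_CREATE_RULESET_VERSION))
    return ret, ctypes.get_errno()


def classify(ret, err):
    """Map the probe result to (sandbox_usable, explanation)."""
    if ret >= 1:
        return True, f"Landlock available, ABI version {ret}"
    if err == errno.ENOSYS:
        return False, ("no Landlock syscalls: kernel older than 5.13, built "
                       "without CONFIG_SECURITY_LANDLOCK=y, or emulated")
    if err == errno.EOPNOTSUPP:
        return False, ("Landlock is compiled in but disabled at boot: add "
                       "'landlock' to CONFIG_LSM or the lsm= kernel parameter")
    if err == errno.EPERM:
        # Not an error Landlock itself documents for this call.
        return False, "syscall denied, possibly by the container's seccomp filter"
    return False, f"unexpected error: {os.strerror(err)}"


def landlock_in_lsm_list(text):
    """True if 'landlock' is one of the LSMs listed in LSM_PATH's content."""
    return "landlock" in [name.strip() for name in text.split(",")]


if __name__ == "__main__":
    usable, why = classify(*probe())
    print("syscall probe:", why)
    try:
        with open(LSM_PATH) as f:
            print("in active LSM list:", landlock_in_lsm_list(f.read()))
    except OSError as exc:
        print("cannot read", LSM_PATH, "-", exc.strerror)
```

Run it inside the same container or pipeline step where Codex fails, since the result depends on the kernel and runtime that environment actually exposes.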

Same on WSL 2 (Ubuntu)

jjsantos01 avatar Oct 18 '25 21:10 jjsantos01

> use codex --sandbox danger-full-access --dangerously-bypass-approvals-and-sandbox

smooth like butter

hn-yu avatar Oct 20 '25 03:10 hn-yu

> So apparently Landlock was added to Codex recently, as it worked fine for me before. Obviously it's not a great idea to just disable sandboxing and give Codex full access to your entire machine, so for those who want a proper fix: Landlock is a Linux kernel feature; if you're running a non-standard/non-supported/custom/old kernel, it might not be supported. Most if not all stock distro kernels should support Landlock, but if you're running a non-standard kernel, you'll either have to switch kernel or recompile with Landlock enabled (CONFIG_SECURITY_LANDLOCK=y). After I rebuilt my kernel with CONFIG_SECURITY_LANDLOCK=y it started working without issue for me.
>
> A clearer error message would be nice here, since it's not obvious at all what's going on here, but at least the root cause is known now.

WSL1 with an emulated kernel seems to have issues as well

mohag avatar Nov 07 '25 10:11 mohag

I think the remaining issue here is captured in #6665, so I'm going to close this issue.

etraut-openai avatar Nov 18 '25 02:11 etraut-openai

The same occurs on BitBucket pipeline, irrespective of which sandbox arguments are provided:

/bin/bash -lc ls in /opt/atlassian/pipelines/agent/build exited 101 in 4ms:
thread 'main' panicked at linux-sandbox/src/linux_run_main.rs:30:9:
error running landlock: Sandbox(LandlockRestrict)

GertBurger avatar Nov 28 '25 18:11 GertBurger