c374225
feat(linux-sandbox): support restricted ReadOnlyAccess in bwrap
viyatb-oai Feb 20, 2026
3460468
test(linux-sandbox): avoid root cwd in restricted bwrap test
viyatb-oai Feb 20, 2026
5030b4f
feat(permissions): add managed filesystem deny_read blocklist
viyatb-oai Feb 20, 2026
4cece2a
fix(app-server-test-client): initialize deny_read_paths
viyatb-oai Feb 20, 2026
5e645c6
fix(sandbox-summary): ignore deny_read_paths in workspace write summary
viyatb-oai Feb 20, 2026
b336679
fix(permissions): preserve managed deny_read across mode changes
viyatb-oai Feb 21, 2026
86c0fc8
fix(permissions): keep deny_read sandboxing for allowed exec rules
viyatb-oai Feb 21, 2026
15fcc43
fix(permissions): block deny_read bypass via exec escalation
viyatb-oai Feb 21, 2026
048f39d
fix(permissions): harden deny_read no-sandbox retries
viyatb-oai Feb 21, 2026
f0167c9
fix(permissions): reject unsupported sandbox modes for deny_read
viyatb-oai Feb 26, 2026
d5517ce
fix(permissions): enforce deny_read in full-access modes
viyatb-oai Feb 26, 2026
e868666
feat(permissions): expand deny_read globs at config load
viyatb-oai Feb 27, 2026
0d00d59
feat(core): include deny_read paths in environment context
viyatb-oai Feb 27, 2026
dbb36b8
fix(permissions): make deny_read sandbox constraints explicit
viyatb-oai Mar 2, 2026
4dd8a79
merge: merge origin/main into codex/viyatb/deny-read-requirements-only
viyatb-oai Mar 2, 2026
2a6973c
fix(ci): restore deny_read_paths test fixtures
viyatb-oai Mar 2, 2026
3e62864
fix(ci): fill linux sandbox test policy
viyatb-oai Mar 2, 2026
685883a
fix(linux-sandbox): mask missing deny_read paths
viyatb-oai Mar 2, 2026
eb04235
Codex worktree snapshot: new-branch-cleanup
viyatb-oai Mar 7, 2026
4778497
Merge origin/main into codex/viyatb/deny-read-requirements-only
viyatb-oai Mar 8, 2026
dcbbaeb
chore: trim stale deny_read policy churn
viyatb-oai Mar 8, 2026
1c7a9ef
fix(core): update deny-read test fixtures
viyatb-oai Mar 10, 2026
5eed397
Merge origin/main into codex/viyatb/deny-read-requirements-only
viyatb-oai Mar 10, 2026
87be415
fix(cloud-requirements): initialize permissions in test fixtures
viyatb-oai Mar 10, 2026
6247a5e
Merge origin/main into codex/viyatb/deny-read-requirements-only
viyatb-oai Mar 10, 2026
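--- a/codex-rs/app-server-protocol/schema/json/ClientRequest.json
+++ b/codex-rs/app-server-protocol/schema/json/ClientRequest.json
@@ -1618,6 +1618,13 @@
 "type": "fullAccess"
 }
 },
+"denyReadPaths": {
+"default": [],
+"items": {
+"$ref": "#/definitions/AbsolutePathBuf"
+},
+"type": "array"
+},
 "type": {
 "enum": [
 "readOnly"
@@ -1634,6 +1641,13 @@
 },
 {
 "properties": {
+"denyReadPaths": {
+"default": [],
+"items": {
+"$ref": "#/definitions/AbsolutePathBuf"
+},
+"type": "array"
+},
 "networkAccess": {
 "allOf": [
 {
@@ -1658,6 +1672,13 @@
 },
 {
 "properties": {
+"denyReadPaths": {
+"default": [],
+"items": {
+"$ref": "#/definitions/AbsolutePathBuf"
+},
+"type": "array"
+},
 "excludeSlashTmp": {
 "default": false,
 "type": "boolean"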
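--- a/codex-rs/app-server-protocol/schema/json/EventMsg.json
+++ b/codex-rs/app-server-protocol/schema/json/EventMsg.json
@@ -5261,6 +5261,13 @@
 ],
 "description": "Read access granted while running under this policy."
 },
+"deny_read_paths": {
+"description": "Paths that must not be readable, even when broad read access is otherwise allowed.",
+"items": {
+"$ref": "#/definitions/AbsolutePathBuf"
+},
+"type": "array"
+},
 "type": {
 "enum": [
 "read-only"
@@ -5278,6 +5285,13 @@
 {
 "description": "Indicates the process is already in an external sandbox. Allows full disk access while honoring the provided network setting.",
 "properties": {
+"deny_read_paths": {
+"description": "Paths that must not be readable, even when broad read access is otherwise allowed.",
+"items": {
+"$ref": "#/definitions/AbsolutePathBuf"
+},
+"type": "array"
+},
 "network_access": {
 "allOf": [
 {
@@ -5304,6 +5318,13 @@
 {
 "description": "Same as `ReadOnly` but additionally grants write access to the current working directory (\"workspace\").",
 "properties": {
+"deny_read_paths": {
+"description": "Paths that must not be readable, even when broad read access is otherwise allowed.",
+"items": {
+"$ref": "#/definitions/AbsolutePathBuf"
+},
+"type": "array"
+},
 "exclude_slash_tmp": {
 "default": false,
 "description": "When set to `true`, will NOT include the `/tmp` among the default writable roots on UNIX. Defaults to `false`.",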
Original file line number Diff line number Diff line change
@@ -11782,6 +11782,13 @@
"type": "fullAccess"
}
},
"denyReadPaths": {
"default": [],
"items": {
"$ref": "#/definitions/v2/AbsolutePathBuf"
},
"type": "array"
},
"type": {
"enum": [
"readOnly"
@@ -11798,6 +11805,13 @@
},
{
"properties": {
"denyReadPaths": {
"default": [],
"items": {
"$ref": "#/definitions/v2/AbsolutePathBuf"
},
"type": "array"
},
"networkAccess": {
"allOf": [
{
@@ -11822,6 +11836,13 @@
},
{
"properties": {
"denyReadPaths": {
"default": [],
"items": {
"$ref": "#/definitions/v2/AbsolutePathBuf"
},
"type": "array"
},
"excludeSlashTmp": {
"default": false,
"type": "boolean"
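--- a/codex-rs/app-server-protocol/schema/json/v2/CommandExecParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/CommandExecParams.json
@@ -89,6 +89,13 @@
 "type": "fullAccess"
 }
 },
+"denyReadPaths": {
+"default": [],
+"items": {
+"$ref": "#/definitions/AbsolutePathBuf"
+},
+"type": "array"
+},
 "type": {
 "enum": [
 "readOnly"
@@ -105,6 +112,13 @@
 },
 {
 "properties": {
+"denyReadPaths": {
+"default": [],
+"items": {
+"$ref": "#/definitions/AbsolutePathBuf"
+},
+"type": "array"
+},
 "networkAccess": {
 "allOf": [
 {
@@ -129,6 +143,13 @@
 },
 {
 "properties": {
+"denyReadPaths": {
+"default": [],
+"items": {
+"$ref": "#/definitions/AbsolutePathBuf"
+},
+"type": "array"
+},
 "excludeSlashTmp": {
 "default": false,
 "type": "boolean"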
Original file line number Diff line number Diff line change
@@ -653,6 +653,13 @@
"type": "fullAccess"
}
},
"denyReadPaths": {
"default": [],
"items": {
"$ref": "#/definitions/AbsolutePathBuf"
},
"type": "array"
},
"type": {
"enum": [
"readOnly"
@@ -669,6 +676,13 @@
},
{
"properties": {
"denyReadPaths": {
"default": [],
"items": {
"$ref": "#/definitions/AbsolutePathBuf"
},
"type": "array"
},
"networkAccess": {
"allOf": [
{
@@ -693,6 +707,13 @@
},
{
"properties": {
"denyReadPaths": {
"default": [],
"items": {
"$ref": "#/definitions/AbsolutePathBuf"
},
"type": "array"
},
"excludeSlashTmp": {
"default": false,
"type": "boolean"
Original file line number Diff line number Diff line change
@@ -653,6 +653,13 @@
"type": "fullAccess"
}
},
"denyReadPaths": {
"default": [],
"items": {
"$ref": "#/definitions/AbsolutePathBuf"
},
"type": "array"
},
"type": {
"enum": [
"readOnly"
@@ -669,6 +676,13 @@
},
{
"properties": {
"denyReadPaths": {
"default": [],
"items": {
"$ref": "#/definitions/AbsolutePathBuf"
},
"type": "array"
},
"networkAccess": {
"allOf": [
{
@@ -693,6 +707,13 @@
},
{
"properties": {
"denyReadPaths": {
"default": [],
"items": {
"$ref": "#/definitions/AbsolutePathBuf"
},
"type": "array"
},
"excludeSlashTmp": {
"default": false,
"type": "boolean"
Original file line number Diff line number Diff line change
@@ -653,6 +653,13 @@
"type": "fullAccess"
}
},
"denyReadPaths": {
"default": [],
"items": {
"$ref": "#/definitions/AbsolutePathBuf"
},
"type": "array"
},
"type": {
"enum": [
"readOnly"
@@ -669,6 +676,13 @@
},
{
"properties": {
"denyReadPaths": {
"default": [],
"items": {
"$ref": "#/definitions/AbsolutePathBuf"
},
"type": "array"
},
"networkAccess": {
"allOf": [
{
@@ -693,6 +707,13 @@
},
{
"properties": {
"denyReadPaths": {
"default": [],
"items": {
"$ref": "#/definitions/AbsolutePathBuf"
},
"type": "array"
},
"excludeSlashTmp": {
"default": false,
"type": "boolean"
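--- a/codex-rs/app-server-protocol/schema/json/v2/TurnStartParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/TurnStartParams.json
@@ -214,6 +214,13 @@
 "type": "fullAccess"
 }
 },
+"denyReadPaths": {
+"default": [],
+"items": {
+"$ref": "#/definitions/AbsolutePathBuf"
+},
+"type": "array"
+},
 "type": {
 "enum": [
 "readOnly"
@@ -230,6 +237,13 @@
 },
 {
 "properties": {
+"denyReadPaths": {
+"default": [],
+"items": {
+"$ref": "#/definitions/AbsolutePathBuf"
+},
+"type": "array"
+},
 "networkAccess": {
 "allOf": [
 {
@@ -254,6 +268,13 @@
 },
 {
 "properties": {
+"denyReadPaths": {
+"default": [],
+"items": {
+"$ref": "#/definitions/AbsolutePathBuf"
+},
+"type": "array"
+},
 "excludeSlashTmp": {
 "default": false,
 "type": "boolean"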
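--- a/codex-rs/app-server-protocol/schema/typescript/SandboxPolicy.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/SandboxPolicy.ts
@@ -12,11 +12,19 @@ export type SandboxPolicy = { "type": "danger-full-access" } | { "type": "read-o
 /**
 * Read access granted while running under this policy.
 */
-access?: ReadOnlyAccess, } | { "type": "external-sandbox",
+access?: ReadOnlyAccess,
+/**
+* Paths that must not be readable, even when broad read access is otherwise allowed.
+*/
+deny_read_paths?: Array<AbsolutePathBuf>, } | { "type": "external-sandbox",
 /**
 * Whether the external sandbox permits outbound network traffic.
 */
-network_access: NetworkAccess, } | { "type": "workspace-write",
+network_access: NetworkAccess,
+/**
+* Paths that must not be readable, even when broad read access is otherwise allowed.
+*/
+deny_read_paths?: Array<AbsolutePathBuf>, } | { "type": "workspace-write",
 /**
 * Additional folders (beyond cwd and possibly TMPDIR) that should be
 * writable from within the sandbox.
@@ -26,6 +34,10 @@ writable_roots?: Array<AbsolutePathBuf>,
 * Read access granted while running under this policy.
 */
 read_only_access?: ReadOnlyAccess,
+/**
+* Paths that must not be readable, even when broad read access is otherwise allowed.
+*/
+deny_read_paths?: Array<AbsolutePathBuf>,
 /**
 * When set to `true`, outbound network access is allowed. `false` by
 * default.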
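Review bot: The `danger-full-access` variant named in the hunk header receives no `deny_read_paths`, although the added doc comment says these paths stay unreadable "even when broad read access is otherwise allowed"; the camelCase `SandboxPolicy` one-liner in the next section leaves `dangerFullAccess` without `denyReadPaths` in the same way. If full-access sessions get their deny list from managed requirements rather than from this field, the field's doc comment should say so, for example `Additive to managed deny_read requirements; an omitted or empty list never removes a managed entry.` As written, the field is optional here and defaults to `[]` in the request schemas, so a reader cannot tell from the protocol whether a client-supplied empty list weakens the blocklist. This file looks generated, so the wording would belong on the source type it is derived from.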
Original file line number Diff line number Diff line change
@@ -5,4 +5,4 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
import type { NetworkAccess } from "./NetworkAccess";
import type { ReadOnlyAccess } from "./ReadOnlyAccess";

export type SandboxPolicy = { "type": "dangerFullAccess" } | { "type": "readOnly", access: ReadOnlyAccess, } | { "type": "externalSandbox", networkAccess: NetworkAccess, } | { "type": "workspaceWrite", writableRoots: Array<AbsolutePathBuf>, readOnlyAccess: ReadOnlyAccess, networkAccess: boolean, excludeTmpdirEnvVar: boolean, excludeSlashTmp: boolean, };
export type SandboxPolicy = { "type": "dangerFullAccess" } | { "type": "readOnly", access: ReadOnlyAccess, denyReadPaths: Array<AbsolutePathBuf>, } | { "type": "externalSandbox", networkAccess: NetworkAccess, denyReadPaths: Array<AbsolutePathBuf>, } | { "type": "workspaceWrite", writableRoots: Array<AbsolutePathBuf>, readOnlyAccess: ReadOnlyAccess, denyReadPaths: Array<AbsolutePathBuf>, networkAccess: boolean, excludeTmpdirEnvVar: boolean, excludeSlashTmp: boolean, };