Codex sandbox preflight

When to use

• Start of a new Codex session (default).
• You see sandbox-ish errors like PermissionError: [Errno 1] Operation not permitted, seccomp, or unexpected “Permission denied” when paths look writable.
• You need to know if network is disabled in the tool sandbox before attempting auth, installs, git push, etc.

Workflow

1. Run the preflight helper:

scripts/codex-sandbox-preflight.sh

2. If you’re in a normal shell and want to see what happens when network is enabled inside the sandbox:

scripts/codex-sandbox-preflight.sh --with-network

3. Summarize results (don’t paste the full output unless asked):

• Tool sandbox network: socket() allowed vs blocked (and DNS if allowed).
• Writable roots: whether ~/.config/wbg-auth is writable inside the sandbox.
• Config drift: whether ~/.codex/config.toml is symlinked to dotfiles or has diverged.

Interpretation cheatsheet

• INFO- socket() syscall blocked:
  • Tool sandbox has network disabled (expected in many sandboxed sessions).
  • Avoid network-dependent commands/tools inside the sandbox.
  • To allow sandbox network, start Codex with -c sandbox_workspace_write.network_access=true (still sandboxed, but with egress).
• WARN missing_writable_root=$HOME/.config/wbg-auth (or similar) / sandbox write fails for ~/.config/wbg-auth:
  • wbg-auth will crash on startup due to log file creation.
  • Fix by adding ~/.config/wbg-auth to sandbox_workspace_write.writable_roots in ~/.codex/config.toml.

Notes / pitfalls

• Running this from inside an already-restricted tool sandbox cannot “prove” that enabling network would work; outer seccomp will still block socket(). Use --with-network from a normal shell for that.
• This helper must never print secrets; it only checks tool presence, config linkage, writability, and basic DNS.