Conversation

@nornagon-openai
Collaborator

This adds a debugging tool for analyzing why certain commands fail to execute under the sandbox.

Example output:

$ codex debug seatbelt --log-denials bash -lc "(echo foo > ~/foo.txt)"
bash: /Users/nornagon/foo.txt: Operation not permitted

=== Sandbox denials ===
(bash) file-write-data /dev/tty
(bash) file-write-data /dev/ttys001
(bash) sysctl-read kern.ngroups
(bash) file-write-create /Users/nornagon/foo.txt

It operates by:

  1. spawning log stream to watch system logs, and
  2. tracking all descendant PIDs using kqueue + proc_listchildpids.

This is a "best-effort" technique, as log stream may drop logs (?), and kqueue + proc_listchildpids isn't atomic and can end up missing very short-lived processes. But it works well enough in my testing to be useful :)
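The log-to-report step from the description above, as an added example that is not code from this PR or the codex repository: it parses constructed `log stream`-style lines whose message body follows an assumed shape modelled on the kernel's Sandbox denial messages (`Sandbox: <proc>(<pid>) deny(<n>) <operation> <target>`), keeps only denials whose PID is in the tracked descendant set, drops duplicates, and renders the `(process) operation target` report. The PID set is hard-coded in place of the kqueue + proc_listchildpids tracker, which also makes the best-effort caveat visible: a child the tracker never saw contributes no lines to the report.

```rust
use std::collections::HashSet;

/// One sandbox denial recovered from a unified-log line.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Denial {
    pub process: String,
    pub pid: u32,
    pub operation: String,
    pub target: String,
}

/// Parse one `log stream` line into a Denial.
///
/// Assumed message shape (an assumption of this example, modelled on the
/// kernel's Sandbox messages): "... Sandbox: <proc>(<pid>) deny(<n>) <op> <target>".
/// Everything before "Sandbox: " (timestamp, host, sender) is ignored, and lines
/// that do not match return None instead of panicking, because `log stream`
/// interleaves unrelated messages with the denials.
pub fn parse_denial(line: &str) -> Option<Denial> {
    let (_, body) = line.split_once("Sandbox: ")?;
    // body = "bash(4242) deny(1) file-write-data /dev/tty"
    // ident = "bash(4242", rest = "1) file-write-data /dev/tty"
    let (ident, rest) = body.split_once(") deny(")?;
    let open = ident.rfind('(')?;
    let process = ident[..open].to_string();
    let pid: u32 = ident[open + 1..].parse().ok()?;
    // Skip the deny counter; what remains is "<operation> <target>".
    let (_count, rest) = rest.split_once(") ")?;
    let (operation, target) = match rest.split_once(' ') {
        Some((op, tgt)) => (op.to_string(), tgt.trim().to_string()),
        None => (rest.trim().to_string(), String::new()),
    };
    if operation.is_empty() {
        return None;
    }
    Some(Denial { process, pid, operation, target })
}

/// Attribute denials to the sandboxed command: keep only lines whose PID is in
/// the tracked descendant set, drop exact repeats, and preserve first-seen order.
pub fn collect_denials(lines: &[&str], tracked: &HashSet<u32>) -> Vec<Denial> {
    let mut seen = HashSet::new();
    let mut out = Vec::new();
    for line in lines {
        if let Some(d) = parse_denial(line) {
            if !tracked.contains(&d.pid) {
                continue; // another process on the box, or an untracked child
            }
            let key = (d.process.clone(), d.operation.clone(), d.target.clone());
            if seen.insert(key) {
                out.push(d);
            }
        }
    }
    out
}

/// Render the "(process) operation target" lines shown in the PR description.
pub fn format_report(denials: &[Denial]) -> String {
    let mut s = String::from("=== Sandbox denials ===\n");
    for d in denials {
        s.push_str(&format!("({}) {} {}\n", d.process, d.operation, d.target));
    }
    s
}

/// Constructed sample input standing in for `log stream` output; not real captures.
pub const SAMPLE_LOG: &[&str] = &[
    "2025-11-10 22:38:01.000001-0800 localhost kernel: (Sandbox) Sandbox: bash(4242) deny(1) file-write-data /dev/tty",
    "2025-11-10 22:38:01.000002-0800 localhost kernel: (Sandbox) Sandbox: bash(4242) deny(1) file-write-data /dev/tty", // repeat
    "2025-11-10 22:38:01.000003-0800 localhost kernel: (Sandbox) Sandbox: bash(4242) deny(1) sysctl-read kern.ngroups",
    "2025-11-10 22:38:01.000004-0800 localhost kernel: (Sandbox) Sandbox: mdworker(777) deny(1) file-read-data /private/var/db", // untracked PID
    "2025-11-10 22:38:01.000005-0800 localhost kernel: (Sandbox) Sandbox: bash(4242) deny(1) file-write-create /Users/example/foo.txt",
    "2025-11-10 22:38:01.000006-0800 localhost syslogd: ASL Sender Statistics", // unrelated line
];

/// Run the whole pipeline over the constructed sample with PID 4242 tracked
/// (a stand-in for the set the kqueue + proc_listchildpids tracker would build).
pub fn sample_report() -> String {
    let tracked = HashSet::from([4242u32]);
    format_report(&collect_denials(SAMPLE_LOG, &tracked))
}

fn main() {
    print!("{}", sample_report());
}
```

The report keeps the order in which denials first appeared rather than sorting, matching the output in the description, and the mdworker line is dropped purely because its PID is not tracked, which is exactly the failure mode the description calls out for very short-lived children.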

Contributor

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment


Codex Review: Here are some suggestions.


Comment on lines +35 to +41
unsafe extern "C" {
fn proc_listchildpids(
ppid: libc::c_int,
buffer: *mut libc::c_void,
buffersize: libc::c_int,
) -> libc::c_int;
}
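Review bot: the `proc_listchildpids` extern item carries no documentation of its units, and in the proc_listpids family of libproc calls both `buffersize` and the return value are byte counts rather than PID counts. A doc comment on the declaration stating that the caller sizes `buffer` as `n * size_of::<c_int>()` and divides the result by `size_of::<c_int>()` to get the number of children would keep the safe wrapper around it from an off-by-factor error that silently truncates or over-reads the child list.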
Contributor


[P1] Link libproc for proc_listchildpids FFI

The new PID tracker calls proc_listchildpids directly, but the file doesn’t link the libproc library. On macOS these symbols live in libproc rather than libSystem, so without an explicit #[link(name = "proc")] (or using a crate that provides it) the CLI will fail to link with an undefined symbol error when --log-denials is built. Add the missing link attribute so the code compiles.


@bolinfest
Collaborator

@nornagon-openai this appears to add a new folder named tmp/, which seems...odd

@nornagon-openai
Collaborator Author

@bolinfest oops, some test code unintentionally committed. Removed.

@bolinfest
Collaborator

@nornagon-openai the builds are red and Codex seems to have flagged some potential link issues?

@nornagon-openai
Collaborator Author

@bolinfest CI is green now, and Codex's review comment seems spurious to me. The build works fine on macOS, as evidenced by the fact that CI is green :D

Landlock,
}

#[cfg_attr(not(target_os = "macos"), allow(unused_variables))]
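Review bot: the `#[cfg_attr(not(target_os = "macos"), allow(unused_variables))]` on the whole item silences the lint for every binding inside it, not only the one that is macOS-only. Narrower options are a `#[cfg(target_os = "macos")]` / `#[cfg(not(target_os = "macos"))]` pair of bodies, or consuming the macOS-only parameter explicitly in the non-macOS branch with `let _ = name;`, after which the attribute can be dropped and any genuinely unused variable is reported again.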
Collaborator


It would be nice to have allow(unused_variables) more tightly scoped.

@nornagon-openai nornagon-openai enabled auto-merge (squash) November 10, 2025 22:38
@nornagon-openai nornagon-openai merged commit 0271c20 into main Nov 10, 2025
25 checks passed
@nornagon-openai nornagon-openai deleted the nornagon/log-denials branch November 10, 2025 22:48
@github-actions github-actions bot locked and limited conversation to collaborators Nov 10, 2025

4 participants