docs: troubleshooting for bwrap sandbox failures on restricted hosts#1
AZERIA-IT wants to merge 1 commit into
Document the bwrap loopback failure mode that surfaces on VPS / LXC / capability-restricted hosts (apply_patch + shell sandbox refuse to write). Covers root cause (Codex sandboxer cannot init network namespace), two workarounds (host-side sysctl unprivileged_userns_clone, codex-side bypass via config.toml), and notes that codex-companion.mjs hard-codes the per-turn sandbox to workspace-write — relevant when relying on a config.toml-level danger-full-access override.
Summary

- Documents the `bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted` failure mode that surfaces on VPS / LXC / capability-restricted hosts when Codex tries to write files inside a `codex-task` turn.
- Not a `claude-code-codex-task` bug — the wrapper's launch / poll / result lifecycle still completes correctly; only the Codex worker's `apply_patch` and shell exec fail.
- Host-side workaround: `sysctl kernel.unprivileged_userns_clone=1` (where the provider allows it).
- Codex-side workaround: `approval_policy = "never"` + `sandbox_mode = "danger-full-access"` in `~/.codex/config.toml`, with the explicit caveat that this should only be used on hosts that are themselves sandboxes.
- Notes that `codex-companion.mjs` currently hard-codes the per-turn sandbox to `workspace-write` regardless of the user's `config.toml` (line ~488 in v1.0.4), so on broken-bwrap hosts users may also need to patch the companion script or call `codex exec --dangerously-bypass-approvals-and-sandbox` directly.

Motivation
Hit this on an OVH VPS today during a clean install of the subagent. The wrapper itself behaved correctly (4m35s alive, returned terminal completion), but every Codex worker turn failed silently from the user's POV with a write-permission summary, which is easy to misattribute to this repo.
Test plan

- `codex exec` and the `codex-task` wrapper both affected
- `codex exec --dangerously-bypass-approvals-and-sandbox` → file written, terminal status `completed`
- Patched `codex-companion.mjs` to pass `danger-full-access` → wrapper round-trip succeeded in 43s (was failing at 4m35s before)

Out of scope

- Patching `openai/codex-plugin-cc` here; that's a separate ask.
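The triage the PR description walks through (recognise the bwrap loopback error, check the `unprivileged_userns_clone` sysctl, confirm whether the host can actually build a user+net namespace, and see whether `config.toml` already carries the `danger-full-access` bypass) as one added shell helper. This is example code written for this page, not part of the PR or of `codex-companion.mjs`; the function names, the `triage_report` entry point and the sample error lines are assumptions, and the live probe assumes util-linux `unshare` and iproute2 are installed.

```shell
#!/bin/sh
# Added example, not code from the PR or from codex-companion.mjs.
# Triage helper for the bwrap loopback failure described in the PR.

# Classify one captured stderr line from a failed Codex worker turn.
# Prints: userns-blocked | other-bwrap | clean
classify_bwrap_error() {
  case "$1" in
    *"bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted"*) echo userns-blocked ;;
    *bwrap:*) echo other-bwrap ;;
    *) echo clean ;;
  esac
}

# Host-side knob the PR names. Only Debian/Ubuntu-patched kernels expose it;
# elsewhere it is reported as "absent" (userns policy then lives in other sysctls).
userns_sysctl_state() {
  f=/proc/sys/kernel/unprivileged_userns_clone
  if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# Live probe of what bwrap needs: an unprivileged user + net namespace whose
# loopback the process may configure. "skipped" when unshare is missing,
# "blocked" reproduces the PR's failure mode without involving Codex at all.
probe_userns_loopback() {
  command -v unshare >/dev/null 2>&1 || { echo skipped; return 0; }
  if unshare -Urn sh -c 'ip link set lo up' >/dev/null 2>&1; then
    echo ok
  else
    echo blocked
  fi
}

# Read sandbox_mode from a codex config.toml ($1); "none" if unset or missing.
# danger-full-access turns the sandbox off entirely, so surfacing it matters.
config_sandbox_mode() {
  [ -r "$1" ] || { echo none; return 0; }
  m=$(sed -n 's/^[[:space:]]*sandbox_mode[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1)
  echo "${m:-none}"
}

# One-shot report; call triage_report on the affected host.
triage_report() {
  echo "unprivileged_userns_clone: $(userns_sysctl_state)"
  echo "userns+loopback probe:      $(probe_userns_loopback)"
  echo "config.toml sandbox_mode:   $(config_sandbox_mode "${HOME}/.codex/config.toml")"
}
```

A "blocked" probe with the sysctl at 0 points at the host-side fix, which keeps the sandbox intact; the config.toml route only trades the failure for an unsandboxed worker.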