Linux bwrap fails when protected symlinked carveout points outside writable roots (No such file or directory)

[rebroad]

Summary

Linux sandbox startup can fail when a protected read-only carveout path (for example .git) is a symlink under a writable root and that symlink points to an absolute target outside writable roots.

bwrap is currently invoked with a mask like:

--ro-bind /dev/null /var/tmp/src-builds/codex.other/.git

In this scenario, preflight can fail before any command/tool runs with:

bwrap: Can't create file at /var/tmp/src-builds/codex.other/.git: No such file or directory

Repro shape

• workspace-write sandbox with writable root that canonicalizes to /var/tmp/src-builds/codex.other
• protected carveouts include .../.git
• .../.git is a symlink to an absolute path outside writable roots

Example:

• /var/tmp/src-builds/codex.other/.git -> /home/rebroad/src/codex/.git

Observed behavior

• non-escalated commands (including apply_patch) fail at sandbox preflight
• error appears before command execution

Expected behavior

Sandbox should start successfully. It should not hard-fail when masking a symlinked protected path in this layout.

Related issues

• Linux sandbox fails with "bwrap: Can't create file ... Is a directory" when protected workspace path is a symlinked directory #15725 (symlinked directory carveout variant)
• apply_patch fails in Android repo subprojects when .git is a symlink to a directory (bwrap: .../.git: Is a directory) #16161 (.git symlink Is a directory variant)

This appears to be a related but distinct failure mode (No such file or directory) triggered by symlink target layout and mount semantics.

[github-actions]

Potential duplicates detected. Please review them and close your issue if it is a duplicate.

• Linux sandbox fails with "bwrap: Can't create file ... Is a directory" when protected workspace path is a symlinked directory #15725
• apply_patch fails in Android repo subprojects when .git is a symlink to a directory (bwrap: .../.git: Is a directory) #16161

Powered by Codex Action

[rebroad]

Clarifying why this may or may not be distinct from #15725 / #16161:

• Linux sandbox fails with "bwrap: Can't create file ... Is a directory" when protected workspace path is a symlinked directory #15725 and apply_patch fails in Android repo subprojects when .git is a symlink to a directory (bwrap: .../.git: Is a directory) #16161 both center on bwrap failing with Is a directory for symlinked protected carveouts.
• This report observed a different concrete failure string for the same masking pattern:
  • --ro-bind /dev/null <symlinked-protected-path>
  • error: No such file or directory
• Repro context here also differs slightly:
  • writable root canonicalized under /var/tmp/src-builds/...
  • protected .git symlink pointing to an absolute target outside writable roots.

That said, this could still be the same underlying class of bug (file-style /dev/null masking on symlinked carveouts) with a different filesystem/layout-dependent error message.

If maintainers believe the existing fix/work in #15725 (or prior fixes around #16161) fully covers this case, this issue can be closed as duplicate. I’m keeping this open only to preserve the No such file or directory variant and exact mount argv seen in logs.

[viyatb-oai]

being fixed in #15981