Merged
3 changes: 3 additions & 0 deletions .devcontainer/Dockerfile.secure
Expand Up @@ -10,6 +10,7 @@ ENV TZ="$TZ"

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Devcontainers run as a non-root user, so enable bubblewrap's setuid mode.
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
build-essential \
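Review bot: The new comment above `RUN apt-get update \` documents a step that only happens much later in the same instruction, at `&& chmod u+s /usr/bin/bwrap`, so nothing near the comment shows a setuid operation. Reword it to name the command it explains (for example, "the chmod u+s on /usr/bin/bwrap below") and to say that this leaves a setuid binary in the image, so the intent is clear to anyone auditing the Dockerfile.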
Expand Down Expand Up @@ -37,6 +38,8 @@ RUN apt-get update \
ipset \
iptables \
aggregate \
bubblewrap \
&& chmod u+s /usr/bin/bwrap \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*

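Review bot: `&& chmod u+s /usr/bin/bwrap` leaves a setuid binary that every user in the image can execute, and nothing in this hunk limits who may run it. If only the devcontainer user needs it, consider assigning the binary to a dedicated group, dropping world execute, and setting the mode explicitly (for example 4750) so the final permissions do not depend on what the package ships. `bubblewrap` is also installed without a version pin, so the binary that receives the setuid bit can change from one image build to the next.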
4 changes: 4 additions & 0 deletions .devcontainer/README.md
Expand Up @@ -14,6 +14,8 @@ Use `devcontainer.json` when you are developing Codex itself. This is the same l
Use `devcontainer.secure.json` when you want a stricter runtime profile for running Codex inside a project container:

- installs the Codex CLI plus common build tools
- installs bubblewrap in setuid mode for Codex's Linux sandbox
- disables Docker's outer seccomp and AppArmor profiles so bubblewrap can construct Codex's inner sandbox
- enables firewall startup with an allowlist-driven outbound policy
- blocks IPv6 by default so the allowlist cannot be bypassed over AAAA routes
- requires `NET_ADMIN` and `NET_RAW` so the firewall can be installed at startup
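Review bot: The two added bullets cover bubblewrap and the seccomp/AppArmor change, but not the five capabilities this change adds to devcontainer.secure.json (`SYS_ADMIN`, `SYS_CHROOT`, `SETUID`, `SETGID`, `SYS_PTRACE`), whereas the existing `NET_ADMIN`/`NET_RAW` bullet names its capabilities and says why they are needed. Add a matching bullet that lists the new capabilities with the reason for each, so the list stays a complete description of what the profile grants.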
Expand Down Expand Up @@ -43,3 +45,5 @@ Note that `/workspace/target` will contain the binaries built for your host plat
For arm64, specify `--platform=linux/arm64` instead for both `docker build` and `docker run`.

Currently, the contributor `Dockerfile` works for both x64 and arm64 Linux, though you need to run `rustup target add x86_64-unknown-linux-musl` yourself to install the musl toolchain for x64.

The secure profile's capability, seccomp, and AppArmor options are required when you want Codex's bubblewrap sandbox to run inside Docker as the non-root devcontainer user. Without them, Docker's default runtime profile can block bubblewrap's namespace setup before Codex's own seccomp filter is installed. This keeps the Docker relaxation explicit in the profile that is meant to run Codex inside a project container, while the default contributor profile stays lightweight.
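Review bot: This paragraph lands at the end of the file, after the arm64 and musl build notes, rather than next to the `devcontainer.secure.json` bullet list it explains; move it under that list. It should also state the trade-off directly: the README introduces this profile as "a stricter runtime profile", yet these options remove Docker's default seccomp and AppArmor confinement for the whole container, so the text should say that the outer container boundary is weaker in exchange for the inner sandbox working.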
7 changes: 7 additions & 0 deletions .devcontainer/devcontainer.secure.json
Expand Up @@ -12,6 +12,13 @@
}
},
"runArgs": [
"--cap-add=SYS_ADMIN",
"--cap-add=SYS_CHROOT",
"--cap-add=SETUID",
"--cap-add=SETGID",
"--cap-add=SYS_PTRACE",
"--security-opt=seccomp=unconfined",
"--security-opt=apparmor=unconfined",
"--cap-add=NET_ADMIN",
"--cap-add=NET_RAW"
],
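Review bot: `--security-opt=seccomp=unconfined` and `--security-opt=apparmor=unconfined` switch both profiles off for every process in the container, although the README's stated need is only that bubblewrap's namespace setup is not blocked. Consider shipping a custom seccomp profile that allows just the additional syscalls bubblewrap needs and passing its path to `--security-opt=seccomp=`, with a tailored AppArmor profile alongside, instead of removing both. `--cap-add=SYS_PTRACE` also needs a stated justification, since the README's explanation (namespace setup) does not account for it.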