Merged
Changes from 2 commits
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -130,6 +130,7 @@ See [Protecting your `OPENAI_API_KEY`](./docs/security.md#protecting-your-openai

- **Windows**: GitHub-hosted Windows runners lack a supported sandbox. Set `safety-strategy: unsafe`. The action validates this and exits early otherwise.
- **Linux/macOS**: All options for `safety-strategy` are supported. Again, if you pick `drop-sudo`, remember that later steps in your `job` that rely on `sudo` will fail. If you do need to run code that requires `sudo` after `openai/codex-action` has run, one option is to pipe the output of `openai/codex-action` to a fresh `job` on a new host and to continue your workflow from there.
- **GitHub-hosted Linux runners**: The action enables unprivileged user namespaces during setup and clears Ubuntu's AppArmor gate when present. This avoids the `bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted` failure seen on newer hosted images, including workflows that use the action once to bootstrap Codex and then call `codex` in later steps. Self-hosted Linux runners still need equivalent kernel support configured ahead of time.

## Outputs

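Review bot: The new "GitHub-hosted Linux runners" bullet says the action "clears Ubuntu's AppArmor gate" without naming the settings it changes. The setup step in `action.yml` writes `kernel.unprivileged_userns_clone=1` and `kernel.apparmor_restrict_unprivileged_userns=0` via `sudo sysctl -w`; naming both sysctls here would tell readers who audit a hosted runner, or who configure a self-hosted one, exactly what "equivalent kernel support" means. It is also worth stating that the change applies to the whole runner for the rest of the job rather than only to the Codex process, since the bullet already notes that later steps calling `codex` depend on it.
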
16 changes: 16 additions & 0 deletions action.yml
Expand Up @@ -259,6 +259,22 @@ runs:
--port "$PROXY_PORT" \
--safety-strategy "$SAFETY_STRATEGY"

- name: Enable Linux user namespaces for bubblewrap
if: ${{ runner.os == 'Linux' && runner.environment == 'github-hosted' && (inputs['openai-api-key'] != '' || inputs.prompt != '' || inputs['prompt-file'] != '') }}
shell: bash
run: |
current_userns="$(sysctl -n kernel.unprivileged_userns_clone 2>/dev/null || true)"
if [ -n "$current_userns" ] && [ "$current_userns" != "1" ]; then
echo "Enabling kernel.unprivileged_userns_clone for bubblewrap."
sudo sysctl -w kernel.unprivileged_userns_clone=1
fi

current_apparmor="$(sysctl -n kernel.apparmor_restrict_unprivileged_userns 2>/dev/null || true)"
if [ -n "$current_apparmor" ] && [ "$current_apparmor" != "0" ]; then
echo "Disabling kernel.apparmor_restrict_unprivileged_userns for bubblewrap."
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
fi

- name: Drop sudo privilege, if appropriate
if: ${{ inputs['safety-strategy'] == 'drop-sudo' && inputs['openai-api-key'] != '' }}
shell: bash
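
Review bot: The step name "Enable Linux user namespaces for bubblewrap" undersells the second `sysctl -w`, which sets `kernel.apparmor_restrict_unprivileged_userns=0` for the whole runner; nothing in this hunk restores the previous value, so every later step in the job runs with that restriction off. Consider naming the AppArmor change in the step name and adding a comment that leaving it off for later steps is deliberate. Both writes also use `sudo`, so the step only works because it sits before "Drop sudo privilege, if appropriate"; a one-line comment recording that ordering requirement would keep a later reorder from breaking it. The `if:` condition does not consult `inputs['safety-strategy']`; if any strategy never invokes bubblewrap, the step could be skipped for it.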