Linux sandbox (bubblewrap) uses non-unique temp registry path, breaking multi-user /tmp

[agolovanov]

What version of the IDE extension are you using?

v26.429.30905

What subscription do you have?

Plus

Which IDE are you using?

VS Code

What platform is your computer?

Linux 5.14.0-427.42.1.el9_4.x86_64 x86_64 x86_64

What issue are you seeing?

By default, Codex Linux sandbox creates a bubblewrap folder at:

/tmp/codex-bwrap-synthetic-mount-targets

The relevant line of code is:

codex/codex-rs/linux-sandbox/src/linux_run_main.rs

Line 1238 in 7080773

std::env::temp_dir().join("codex-bwrap-synthetic-mount-targets")

Because the folder is not user or session-specific, the folder can be already created by another user working with Codex, so trying to create it again results in an error:

failed to open synthetic bubblewrap mount registry lock
/tmp/codex-bwrap-synthetic-mount-targets/lock: Permission denied

What steps can reproduce the bug?

Create a /tmp/codex-bwrap-synthetic-mount-targets folder and make it not accessible by the current user. Try using Codex and observe failures to use the sandbox.

What is the expected behavior?

Codex creates a registry path unique to the user, so that sandboxing always works. The folder should probably use a per-user or per-session path, e.g. include UID or username.

Additional information

No response

[lan13005]

I see a very similar problem through codex-cli. I can see /tmp/codex-bwrap-synthetic-mount-targets is owned by someone else thereby making codex permission blocked.

I asked codex to run some local commands in the same session and it tells me commands fail due to bwrap: Unknown option --perms (version appears outdated below). Not clear to me if these are related at all but more info for people to chew on.

version: codex-cli 0.128.0
subscription: plus
ide: codex-cli in cursor
linux version: Linux 5.14.0-570.106.1.el9_6.x86_64
bubblewrap 0.4.1 (seems outdated since it has no --perms flag but this was not a problem before observation of the /tmp problem)