Platform sandboxing details

The mechanism Codex uses to implement the sandbox policy depends on your OS:

• macOS 12+ uses Apple Seatbelt and runs commands using sandbox-exec with a profile (-p) that corresponds to the --sandbox that was specified.
• Linux uses a combination of Landlock/seccomp APIs to enforce the sandbox configuration.

Note that when running Linux in a containerized environment such as Docker, sandboxing may not work if the host/container configuration does not support the necessary Landlock/seccomp APIs. In such cases, we recommend configuring your Docker container so that it provides the sandbox guarantees you are looking for and then running codex with --sandbox danger-full-access (or, more simply, the --dangerously-bypass-approvals-and-sandbox flag) within your container.