Harden launcher overrides and fix opencode backend regressions
- remove codex auth mounts from opencode run/shell paths - reject opencode login and invalid backend values - harden opencode config writes against symlink clobbering - fix opencode build args and packages_extra handling - enforce cap-drop and read-only rootfs in runtime commands - reject dangerous runtime/build env overrides - update README and test docs to match actual behavior - extend regression coverage for backend safety and hardening
This commit is contained in:
Samuel Aubertin
@@ -12,6 +12,7 @@ Current scenarios:
|
||||
- `secret_mask/` — verifies masked files remain hidden even when sloptrap remaps the workspace mount.
|
||||
- `resume_target/` — verifies the resume target passes the requested session identifier to Codex.
|
||||
- `auth_file_mount` — verifies `~/.codex/auth.json` is mounted directly into `/codex/auth.json`.
|
||||
- `runtime_hardening_flags` — verifies standard runs add `--cap-drop=ALL` and keep the root filesystem read-only.
|
||||
- `project_state_isolation` — verifies different projects map `/codex` to different host state directories.
|
||||
- `auto_login_empty_auth` — verifies an empty `auth.json` still triggers automatic login before the main target.
|
||||
- `host_network_packet_capture/` — exercises the per-run acknowledgement path for host networking combined with `packet-capture`.
|
||||
- `opencode_*` — exercises opencode build/download, localhost rewriting, config generation, and backend-specific safety checks.
|
||||
|
||||
Reference in New Issue
Block a user