Codex Sandbox Error on Ubuntu 24.04: The AppArmor Fix
J.D. H. · 2026-04-24 · via Comments for J.D. Hodges

How to Fix Codex Sandbox Errors on Ubuntu 24.04

TL;DR: Codex sandbox errors on Ubuntu 24.04 almost always trace back to one thing on freshly installed boxes: AppArmor blocking bwrap. A five-line /etc/apparmor.d/bwrap profile fixed it on my system. If you’re hitting the same wall, paste your error into Claude Code and let it walk you through. 💪

The Symptom: Codex Sandbox Hangs on Ubuntu 24.04

My Codex setup on a fresh Ubuntu 24.04 VM was unusable. Every codex exec call burned 35K to 54K tokens over 2 or 3 minutes retrying fallback paths, then died. The MCP Codex tool connected in about 3 seconds but could not read local files or fetch URLs. My workaround was cat-ing every file into the prompt. Slow and goofy.

The actual error, once I ran the simplest possible repro:

$ bwrap --dev-bind / / --unshare-net echo ok
bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted

If you see that line on your system, the AppArmor userns restriction is worth checking before anything else.

The Fix: Five Lines of AppArmor

Create /etc/apparmor.d/bwrap with this body:

abi <abi/4.0>,
include <tunables/global>

profile bwrap /usr/bin/bwrap flags=(unconfined) {
  userns,
  include if exists <local/bwrap>
}

Then load it:

sudo apparmor_parser -r /etc/apparmor.d/bwrap

That’s it. The profile shape is the same one Ubuntu ships for flatpak and chrome, scoped to /usr/bin/bwrap.

If you would rather not touch AppArmor at all, codex-cli 0.117.0 has a Landlock-based sandbox you can opt into: codex --enable use_legacy_landlock sandbox linux <cmd>. That uses the kernel’s Landlock LSM instead of bwrap. The catch: on codex-cli 0.117.0 this only applies to the codex sandbox linux subcommand, not to codex exec sandbox modes. For codex exec to work, you still want the AppArmor profile above.

Verify

$ bwrap --dev-bind / / --unshare-net echo ok
ok
$ sudo aa-status | grep bwrap
   bwrap

If the canary still fails, look at the kernel log for AppArmor events on bwrap. Ubuntu logs userns transitions as AUDIT events, not DENIED, so the grep needs to cover both:

sudo journalctl -k | grep -E 'apparmor.*(DENIED|userns_create)'
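The profile and the log check above, generalised as an added example (not code from the original post): userns_stub_profile prints the same five-line stub for any binary path, and classify_apparmor_line / count_events_for tag kernel-log lines so that both the AUDIT userns transition and any follow-on DENIED are caught; the sample log lines are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not code from the original post. Two helpers for the case above:
# userns_stub_profile prints the same five-line stub the post uses, for any
# binary path; classify_apparmor_line / count_events_for tag kernel-log lines so
# both the AUDIT userns transition and any follow-on DENIED are counted.

# Print a userns compatibility stub profile for a binary. Generalises the post's
# /etc/apparmor.d/bwrap profile; the profile name defaults to the basename.
userns_stub_profile() {
  path=$1
  name=${2:-$(basename "$path")}
  printf 'abi <abi/4.0>,\ninclude <tunables/global>\n\n'
  printf 'profile %s %s flags=(unconfined) {\n' "$name" "$path"
  printf '  userns,\n  include if exists <local/%s>\n}\n' "$name"
}

# Classify one `journalctl -k` line: userns-transition (AUDIT event, process
# moved into the unprivileged_userns profile), denied (DENIED event), or other.
classify_apparmor_line() {
  case $1 in
    *'apparmor="AUDIT"'*'operation="userns_create"'*) echo userns-transition ;;
    *'apparmor="DENIED"'*) echo denied ;;
    *) echo other ;;
  esac
}

# Count transitions and denials for one comm= value (e.g. bwrap) in log text
# read from stdin. Prints "<transitions> <denials>".
count_events_for() {
  comm=$1; t=0; d=0
  while IFS= read -r line; do
    case $line in *"comm=\"$comm\""*) ;; *) continue ;; esac
    case $(classify_apparmor_line "$line") in
      userns-transition) t=$((t + 1)) ;;
      denied) d=$((d + 1)) ;;
    esac
  done
  echo "$t $d"
}

# Constructed sample log lines (not captured from a real host; they follow the
# Ubuntu audit format only approximately).
SAMPLE_LOG='audit: type=1400 apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning to special profile" profile="unconfined" pid=4242 comm="bwrap" requested="userns_create" target="unprivileged_userns"
audit: type=1400 apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=4242 comm="bwrap" capability=21 capname="sys_admin"
audit: type=1400 apparmor="STATUS" operation="profile_load" profile="unconfined" name="bwrap" pid=5001 comm="apparmor_parser"'

# Stand-alone usage: print the profile, then the counts for the sample log.
userns_stub_profile /usr/bin/bwrap
printf '%s\n' "$SAMPLE_LOG" | count_events_for bwrap   # prints: 1 1
```

On a real host, feed the script `sudo journalctl -k` output instead of SAMPLE_LOG; a non-zero transition count with zero denials still means the stub profile is missing or not loaded.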

Tip

If you’re hitting this on your own system, paste the RTM_NEWADDR error and your kernel version into a fresh Claude Code session. It will research the Launchpad bugs, consult Codex via MCP for a second opinion, and walk you through the profile install on your host. That’s how I got here.

Why Ubuntu 24.04 Breaks Codex Sandboxes

Ubuntu 23.10+ sets kernel.apparmor_restrict_unprivileged_userns=1 by default. Bubblewrap needs unprivileged user namespaces to build its sandbox, and the restriction blocks unshare(CLONE_NEWUSER) unless a permitted AppArmor profile applies. The upstream AppArmor project keeps a bwrap-userns-restrict profile in its extras/ directory. Ubuntu’s apparmor package added it, then reverted it, then partially reworked it (the reverted step is documented in LP #2072811, where the bwrap restrict profile was removed after it broke Flatpak app saves), so a current 24.04 install has no bwrap profile out of the box. The five-line profile above is what fills that gap.

If you want tighter confinement than a compatibility stub, there is an upstream bwrap-userns-restrict profile that strips capability from bwrap's children via profile stacking. Heavier to install and maintain, so I’m leaving it for a later session.

One Gotcha After the Fix

After installing the profile, MCP Codex started reading my local files again. Good. Fetching URLs still failed inside sandbox=read-only with “Could not resolve host.” That was not a profile bug. The read-only preset on my Codex version uses bwrap --unshare-net, which isolates the sandbox from the network on purpose. Switching the call to sandbox=workspace-write made URL fetches work. Your Codex build may map the presets slightly differently, so try both before you blame the profile.

Bottom Line

The fix itself took 30 seconds. Getting to the right five lines was a few hours of Claude Code and Codex trading hypotheses: reading Ubuntu’s userns spec, pulling the upstream profile for comparison, flipping the sysctl as a diagnostic, and verifying each success criterion one at a time. Same CC and Codex loop I use for real work.

If you hit codex sandbox errors on your Ubuntu 24.04 box, hand the error to CC and let it run. You’ll learn the AppArmor model along the way. I hope the fix lands on yours as fast as it did on mine. 👍

Sources and Further Reading

Drafted with Claude and Codex. Sources cited against primary docs where possible. If something here does not match what you are seeing, drop a comment and I will update the post.