OpenSkillIndex← back to search
claude-codesecurity

Claude-skill-registry codex-container-sandbox

Run Codex CLI inside a Podman container with full internet access but filesystem exposure limited to the repo root + explicit bind mounts; use when you want yolo/web-search without giving the agent access to your whole host filesystem.

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/codex-container-sandbox" ~/.claude/skills/majiayu000-claude-skill-registry-codex-container-sandbox && rm -rf "$T"
manifest: skills/data/codex-container-sandbox/SKILL.md
tags
#containerization#podman#sandboxing#codex#security#isolation
source content

codex-container-sandbox

Use this when you want:

  • Full egress/network for 
    codex
    (web search, fetching, etc.)
  • Tight filesystem boundaries via container bind mounts (repo root + explicit allowlist)

This repo contains a wrapper script intended to be installed as 

codex-container-sandbox
.

Workflow

  1. Build the image

    From the repo root (this repository):

    podman build -t localhost/codex-container-sandbox:latest -f Containerfile .

  2. Install the wrapper

    install -m 0755 codex-container-sandbox ~/.local/bin/codex-container-sandbox

  3. (Optional) Configure extra mounts

    Create 

    ~/.config/codex-container-sandbox/config.sh
    :

    CODEX_CONTAINER_SANDBOX_IMAGE="localhost/codex-container-sandbox:latest"

# Extra read-only mounts (mapped under /home/codex/... if under $HOME)
CODEX_CONTAINER_SANDBOX_RO_MOUNTS=(
  "$HOME/.local/bin"
)

# Extra read-write mounts
CODEX_CONTAINER_SANDBOX_RW_MOUNTS=(
  "$HOME/.cache/uv"
  "$HOME/tmp"
)

  4. Login once inside the container

    codex-container-sandbox --shell
codex login

  5. Run the self-test (recommended)

    ./selftest.sh

    If this repo is vendored as a git submodule at 

    ./codex-container-sandbox/
    (for example in a dotfiles repo), either:

    • cd codex-container-sandbox && ./selftest.sh
      , or
    • run 
      ./codex-container-sandbox/selftest.sh
      from the parent repo root.

  6. Run Codex

    codex-container-sandbox exec "Summarize this repo"

Safety notes

  • This wrapper runs Codex in full-yolo mode (
    --dangerously-bypass-approvals-and-sandbox
    ) with full networking. Anything mounted into the container can be exfiltrated.
  • Keep mounts minimal; do not mount secrets, password stores, SSH keys, or large chunks of 
    $HOME
    unless you intend to expose them.