Skip to content

fix: Restricted Read: /System is too permissive for macOS platform de…#11798

Open
leoshimo-oai wants to merge 1 commit intomainfrom
leoshimo/codex-restricted-read-base-policy-fix
Open

fix: Restricted Read: /System is too permissive for macOS platform de…#11798
leoshimo-oai wants to merge 1 commit intomainfrom
leoshimo/codex-restricted-read-base-policy-fix

Conversation

@leoshimo-oai
Copy link

@leoshimo-oai leoshimo-oai commented Feb 14, 2026

…fault

Update ReadOnlyAccess's platform defaults. On modern macOS, /System includes user's home directory at /System/Volumes/Data/Users/.

Conservatively, replacing /System with /System/Library, /System/Cryptexes/OS/System, and /System/Cryptexes/OS/usr specifically.

@github-actions
Copy link
Contributor

github-actions bot commented Feb 14, 2026
edited
Loading

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@leoshimo-oai
Copy link
Author

leoshimo-oai commented Feb 14, 2026

I have read the CLA Document and I hereby sign the CLA

@leoshimo-oai
Copy link
Author

leoshimo-oai commented Feb 14, 2026

recheck

github-actions bot added a commit that referenced this pull request Feb 14, 2026
@github-actions
@leoshimo-oai has signed the CLA in #11798
3b6e5ec
@etraut-openai etraut-openai added the oai PRs contributed by OpenAI employees label Feb 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@owenlin0 owenlin0 owenlin0 approved these changes

@viyatb-oai viyatb-oai viyatb-oai approved these changes

@bolinfest bolinfest Awaiting requested review from bolinfest

@celia-oai celia-oai Awaiting requested review from celia-oai

Assignees

No one assigned

Labels

oai PRs contributed by OpenAI employees

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@leoshimo-oai @owenlin0 @viyatb-oai @etraut-openai