Worker spawn inheritance broken: child worker agents do not inherit parent runtime/network policy #14357

@alexrwilliam

What version of Codex CLI is running?

0.114.0

What subscription do you have?

pro max

Which model were you using?

5.3 codex x high

What platform is your computer?

Darwin 24.6.0 x86_64 i386

What terminal emulator and version are you using (if applicable)?

No response

What issue are you seeing?

Child workers spawned from an unrestricted parent session are running with
CODEX_SANDBOX_NETWORK_DISABLED=1 and CODEX_SANDBOX=seatbelt, causing DNS/network
failures. Parent session remains unrestricted and can resolve/connect normally.

What steps can reproduce the bug?

Uploaded thread: 019cdd84-c60e-7c23-ac40-18f03b46984c

  1. In parent session, run:

cd "/Users/alexwilliamson/Desktop/Development/Genloop/GTG BI AI/MVP"
echo "ROLE=parent"
echo "flag=${CODEX_SANDBOX_NETWORK_DISABLED:-}"
echo "sandbox=${CODEX_SANDBOX:-}"
echo "thread=${CODEX_THREAD_ID:-}"
python3 - <<'PY'
import socket
for h in ["example.com","www.ercot.com","data.sec.gov"]:
    try:
        print(h, "->", socket.getaddrinfo(h,443)[0][4][0])
    except Exception as e:
        print(h, "-> ERROR:", e)
PY
curl -I -m 15 https://example.com 2>&1 | head -n 6
curl -I -m 15 https://www.ercot.com 2>&1 | head -n 6
ping -c 1 www.ercot.com 2>&1 | head -n 6

  2. Spawn 2 child agents (agent_type=worker, fork_context=true).
  3. In each child, run the same block but with ROLE=child_1 / ROLE=child_2.

Expected Behavior

  • Children inherit parent runtime/network policy.
  • CODEX_SANDBOX_NETWORK_DISABLED unset in children.
  • DNS resolves (example.com, www.ercot.com).
  • curl and ping resolve/connect.

Actual Behavior

  • Parent passes all criteria.
  • Both children fail all network criteria and show restrictive env:
    • flag=1
    • sandbox=seatbelt
    • DNS errors
    • curl: (6) Could not resolve host
    • ping: cannot resolve ... Unknown host

Validation Matrix

  • Parent status: PASS
  • Child_1 status: FAIL
  • Child_2 status: FAIL
  • Inheritance verdict: FAIL

Worker spawn inheritance is broken in this environment.

———

Exact outputs (verbatim)

Parent

ROLE=parent
flag=
sandbox=
thread=019cdd84-c60e-7c23-ac40-18f03b46984c
example.com -> 2606:4700::6812:1a78
www.ercot.com -> 45.60.45.66
data.sec.gov -> 2600:1404:1200:b8b::2374
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
HTTP/2 200
date: Wed, 11 Mar 2026 16:11:12 GMT
content-type: text/html
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
HTTP/2 200
date: Wed, 11 Mar 2026 16:11:12 GMT
server: Apache
PING x7nzsje.x.incapdns.net (45.60.45.66): 56 data bytes
64 bytes from 45.60.45.66: icmp_seq=0 ttl=55 time=29.247 ms

--- x7nzsje.x.incapdns.net ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 29.247/29.247/29.247/0.000 ms

Child_1

ROLE=child_1
flag=1
sandbox=seatbelt
thread=019cddab-08de-7f41-b88d-3567b1b5c59f
example.com -> ERROR: [Errno 8] nodename nor servname provided, or not known
www.ercot.com -> ERROR: [Errno 8] nodename nor servname provided, or not known
data.sec.gov -> ERROR: [Errno 8] nodename nor servname provided, or not known
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6)
Could not resolve host: example.com
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6)
Could not resolve host: www.ercot.com
ping: cannot resolve www.ercot.com: Unknown host

Child_2

ROLE=child_2
flag=1
sandbox=seatbelt
thread=019cddab-47c9-7801-a706-444b08d148b4
example.com -> ERROR: [Errno 8] nodename nor servname provided, or not known
www.ercot.com -> ERROR: [Errno 8] nodename nor servname provided, or not known
data.sec.gov -> ERROR: [Errno 8] nodename nor servname provided, or not known
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6)
Could not resolve host: example.com
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6)
Could not resolve host: www.ercot.com
ping: cannot resolve www.ercot.com: Unknown host

———

Additional evidence

  • Child session log shows turn_context.sandbox_policy={"type":"danger-full-access"}
    while child shell env is sandbox=seatbelt + flag=1:
    • /Users/alexwilliamson/.codex/sessions/2026/03/11/rollout-2026-03-11T11-11-44-019cddab-08de-7f41-b88d-3567b1b5c59f.jsonl
  • Likely mismatch between configured child policy and execution-time runtime policy
    application.

What is the expected behavior?

  • Children inherit parent runtime/network policy.
  • CODEX_SANDBOX_NETWORK_DISABLED unset in children.
  • DNS resolves (example.com, www.ercot.com).
  • curl and ping resolve/connect.

Additional information

No response
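
The mismatch reported under "Additional evidence" (recorded policy says danger-full-access while the child shell sees seatbelt and flag=1) can be checked mechanically in either direction. The following is an added example, not part of the original issue or of Codex itself; the JSONL record layout, the function names and the verdict strings are assumptions, and the sample log is constructed.

```python
import json

# Constructed child session log. The record layout (a "payload" object holding
# "sandbox_policy") is an assumption; the issue only quotes the policy value.
SESSION_JSONL = '''\
{"type": "session_meta", "payload": {"id": "constructed-child"}}
{"type": "turn_context", "payload": {"sandbox_policy": {"type": "danger-full-access"}}}
{"type": "turn_context", "payload": {"sandbox_po'''  # last line deliberately truncated

# Probe output in the format printed by the issue's reproduction block.
PARENT_PROBE = "ROLE=parent\nflag=\nsandbox=\n"
CHILD_PROBE = "ROLE=child_1\nflag=1\nsandbox=seatbelt\n"

def recorded_policy(jsonl_text):
    """Return the last sandbox_policy type found in the log, or None."""
    policy = None
    for line in jsonl_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or partially written lines
        payload = rec.get("payload") if isinstance(rec, dict) else None
        sp = payload.get("sandbox_policy") if isinstance(payload, dict) else None
        if isinstance(sp, dict) and isinstance(sp.get("type"), str):
            policy = sp["type"]
    return policy

def parse_probe(text):
    """Extract the sandbox-related values from KEY=value probe lines."""
    kv = dict(l.split("=", 1) for l in text.splitlines() if "=" in l)
    return {"network_disabled": kv.get("flag") == "1", "sandbox": kv.get("sandbox", "")}

def verdict(policy, probe):
    """Compare the recorded policy with what the shell actually observed."""
    if policy is None:
        return "UNKNOWN"
    sandboxed = probe["network_disabled"] or bool(probe["sandbox"])
    if policy == "danger-full-access":
        return "STRICTER_THAN_RECORDED" if sandboxed else "CONSISTENT"
    # Assumption: any other policy should leave sandbox markers in the env.
    return "CONSISTENT" if sandboxed else "LOOSER_THAN_RECORDED"

if __name__ == "__main__":
    policy = recorded_policy(SESSION_JSONL)
    for probe in (PARENT_PROBE, CHILD_PROBE):
        print(verdict(policy, parse_probe(probe)))
```

The LOOSER_THAN_RECORDED branch covers the opposite drift, where a child runs with fewer restrictions than its log claims, which is the direction a sandbox audit cares about most.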

Labels: CLI (Issues related to the Codex CLI), bug (Something isn't working), regression (Behaviors that worked in previous versions but were broken due to an update), sandbox (Issues related to permissions or sandboxing)