Skip to content

Add JIT entitlement for macosx#15409

Merged
cconger merged 1 commit intomainfrom
cconger/macos-jit-entitlement
Mar 21, 2026
Merged

Add JIT entitlement for macosx#15409
cconger merged 1 commit intomainfrom
cconger/macos-jit-entitlement

Conversation

@cconger
Copy link
Contributor

@cconger cconger commented Mar 21, 2026

Without this entitlement, hardened mac os release binaries are unable to allocate the executable memory for the JIT compiled JS.

Tested with local signing. Without entitlement I reproduce the error:

#
# Fatal process out of memory: Failed to reserve virtual memory for CodeRange
#
==== C stack trace ===============================

    0   codex                               0x00000001075d1acc codex + 85760716
    1   codex                               0x00000001075d6a64 codex + 85781092
    2   codex                               0x00000001075c7100 codex + 85717248
    3   codex                               0x0000000107637394 codex + 86176660
    4   codex                               0x0000000107823cfc codex + 88194300
    5   codex                               0x000000010777c438 codex + 87508024
    6   codex                               0x000000010777d130 codex + 87511344
    7   codex                               0x0000000107c87a54 codex + 92797524
    8   codex                               0x0000000107641188 codex + 86217096
    9   codex                               0x00000001076412d8 codex + 86217432
    10  codex                               0x0000000107553908 codex + 85244168
    11  codex                               0x000000010465f124 codex + 36008228
    12  codex                               0x000000010466a0d0 codex + 36053200
    13  codex                               0x000000010466ce78 codex + 36064888
    14  codex                               0x000000010734edb0 codex + 83127728
    15  libsystem_pthread.dylib             0x00000001810d3c08 _pthread_start + 136
    16  libsystem_pthread.dylib             0x00000001810ceba8 thread_start + 8
zsh: trace trap  target/release/codex exec --enable code_mode_only --enable code_mode --

With the entitlement the exec succeeds.

@cconger cconger requested review from bolinfest and pakrym-oai March 21, 2026 19:33
dylan-hurd-oai
dylan-hurd-oai approved these changes Mar 21, 2026
View reviewed changes
Copy link
Collaborator

@dylan-hurd-oai dylan-hurd-oai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's publish an alpha to test!

@cconger cconger merged commit c23566b into main Mar 21, 2026
67 of 74 checks passed
@cconger cconger deleted the cconger/macos-jit-entitlement branch March 21, 2026 20:43
@github-actions github-actions bot locked and limited conversation to collaborators Mar 21, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@dylan-hurd-oai dylan-hurd-oai dylan-hurd-oai approved these changes

@pakrym-oai pakrym-oai Awaiting requested review from pakrym-oai

@bolinfest bolinfest Awaiting requested review from bolinfest

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cconger @dylan-hurd-oai