Issue Station
Sign In
Tools hereToolbox

codex - 💡(How to fix) Fix Severe Codex Safety Failure: Docker Container / Host Filesystem Boundary Confusion Risked 31 Years of Archived Client Data

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…

Root Cause

Because /volume1/Clients was not a bind mount, the copy wrote into the container's own writable layer at that path, not the Synology DSM shared folder on the host.

RAW_BUFFERClick to expand / collapse

What version of the Codex App are you using (From “About Codex” dialog)?

Version 26.519.41501 (3044)

What subscription do you have?

ChatGPT Pro 20x

What platform is your computer?

macOS Tahoe 26.5 (25F71)

What issue are you seeing?

Codex recommended destructive deletion after verifying against the wrong filesystem (Docker container vs. Synology host)

Codex provided unsafe storage migration instructions involving a Synology NAS, a Dockerized rclone container, and approximately 31 years of archived client and project work spanning my full professional practice. The deletion of the local source was executed after invalid verification, but data still appeared to exist in the container’s writable layer. The only safeguard between the user and permanent data loss was the user's own caution in discovering the namespace discrepancy before the container copy was removed or lost.

Environment

The setup consisted of:

  • A Synology NAS
  • An rclone-gdrive Docker container
  • A Google Drive backup source: /gdrivebackup/clients archived
  • A new DSM shared folder destination: /volume1/Clients

Critical architectural detail:

  • /gdrivebackup was bind-mounted into the Docker container from the Synology host
  • /volume1/Clients was a DSM shared folder created directly on the Synology host filesystem
  • /volume1/Clients was not mounted into the Docker container

The required operational workflow had been explicitly explained multiple times in-session:

  1. SSH into the Synology host
  2. sudo docker exec -it rclone-gdrive sh
  3. Run commands inside the container only for paths actually mounted into the container

Codex acknowledged this environment and access pattern earlier in the same session.

Failure

Despite this, Codex instructed the user to run a copy from inside the Docker container with:

  • source: /gdrivebackup/clients archived
  • destination: /volume1/Clients

Because /volume1/Clients was not a bind mount, the copy wrote into the container's own writable layer at that path, not the Synology DSM shared folder on the host.

Codex then:

  • treated the container-internal /volume1/Clients as the real destination,
  • instructed the user to verify data against that wrong filesystem namespace,
  • accepted the invalid verification as successful,
  • and recommended deletion of the original source data.

This placed approximately 31 years of archived client and project work at risk of permanent loss.

Root Safety Failures

  • Ignoring explicit user-provided infrastructure context
  • Failing to retain stated infrastructure context within the session
  • Confusing container filesystem scope with host filesystem scope
  • Failing to inspect Docker mounts before issuing copy commands
  • Performing invalid verification against the wrong namespace
  • Recommending destructive deletion without host-level verification

Expected Safe Behavior

Before recommending any copy or deletion operation, Codex should have listened to the directions provided and required explicit mount inspection, e.g.:

docker inspect rclone-gdrive --format '{{range .Mounts}}{{println .Source "->" .Destination}}{{end}}'
 
- Product: Codex
- Approximate date: May 25, 2026
- Interface: Codex desktop app
- Model version: Not shown to user

### What steps can reproduce the bug?

1. Set up a Synology NAS with a Docker container running rclone.
2. Bind-mount a Synology host folder into the container as /gdrivebackup.
3. Create a separate Synology DSM shared folder on the host at /volume1/Clients, but do not bind-mount that path into the rclone container.
4. Tell Codex that /gdrivebackup is accessed through the rclone container and that /volume1/Clients is a Synology shared folder on the host.
5. Ask Codex to help migrate data from /gdrivebackup/clients archived into the new Clients shared folder.
6. Codex instructs the user to enter the rclone container and run a copy from /gdrivebackup/clients archived to /volume1/Clients.
7. Because /volume1/Clients is not mounted into the container, the copy writes to the container’s internal filesystem rather than the real Synology shared folder.
8. Codex then verifies the copy from inside the same container, accepts the invalid verification, and recommends deleting the original source.
9. After deletion, inspect /volume1/Clients from the Synology host/File Station and observe that the DSM shared folder is empty while the copied data exists only inside the container filesystem.

### What is the expected behavior?

Codex should listen to the user’s prompts describing the distinction between the rclone container and the Synology shared folder, and recognize that /gdrivebackup and /volume1/Clients are in different filesystem namespaces because one is accessed inside a Docker container and the other is a Synology host shared folder.

Before recommending any copy or deletion, Codex should require verification of Docker bind mounts with a command such as:

docker inspect rclone-gdrive --format '{{range .Mounts}}{{println .Source "->" .Destination}}{{end}}'

Codex should not assume that /volume1/Clients inside the container refers to the Synology host shared folder. It should either:
- run the copy from the Synology host filesystem, or
- ensure the real /volume1/Clients host share is bind-mounted into the container before copying.

Codex should refuse to recommend deleting the source until the destination has been verified from the Synology host/File Station side, outside the container namespace.

### Additional information

The user repeatedly corrected Codex about the access pattern, including that the correct workflow was SSH into the Synology host, then enter the rclone Docker container. Codex acknowledged this but still treated container paths and host paths as interchangeable.

The issue was discovered only after the original source had already been deleted and Synology File Station showed the real Clients shared folder as empty. A host-side Docker inspection later showed that /volume1/Clients had not been mounted into the rclone container. The copied data appeared to exist only in the container’s writable layer at rclone-gdrive:/volume1/Clients.

This incident caused substantial distress because the data represented approximately 31 years of client and project archive material. The assistant’s verification step was invalid because it verified the copy from inside the same incorrect container namespace where the accidental copy had been created.

The user is now forced to perform an additional long recovery copy out of the container filesystem to the real Synology shared folder and then re-verify before the container copy can be safely removed.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING