From 97c10f8fd45370821ac2366628aa6b99a2df4fce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christopher=20M=C3=BChl?=
Date: Fri, 10 Apr 2026 09:29:11 +0200
Subject: [PATCH] fix(260410-d4u): conditionally mount /etc/static only on NixOS

Co-Authored-By: Claude Opus 4.6
---
 claudebox.sh | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/claudebox.sh b/claudebox.sh
index d362853..dcb618c 100644
--- a/claudebox.sh
+++ b/claudebox.sh
@@ -288,6 +288,12 @@ else
 SANDBOX_CMD=("$CLAUDE_BIN" --dangerously-skip-permissions "${CLAUDE_ARGS[@]}")
 fi

+# Conditional mounts for NixOS-specific paths
+CONDITIONAL_MOUNTS=()
+if [[ -d /etc/static ]]; then
+ CONDITIONAL_MOUNTS+=(--ro-bind /etc/static /etc/static)
+fi
+
 # --dry-run: print the bwrap command without executing (D-09, UX-04)
 if [[ "$DRY_RUN" == true ]]; then
 {
@@ -306,7 +312,11 @@ if [[ "$DRY_RUN" == true ]]; then
 echo " --bind /nix/var/nix /nix/var/nix \\"
 echo " --ro-bind /etc/resolv.conf /etc/resolv.conf \\"
 echo " --ro-bind /etc/ssl /etc/ssl \\"
- echo " --ro-bind /etc/static /etc/static \\"
+ local cm_i=0
+ while (( cm_i < ${#CONDITIONAL_MOUNTS[@]} )); do
+ echo " ${CONDITIONAL_MOUNTS[$cm_i]} ${CONDITIONAL_MOUNTS[$((cm_i+1))]} ${CONDITIONAL_MOUNTS[$((cm_i+2))]} \\"
+ (( cm_i += 3 ))
+ done
 echo " --ro-bind /etc/passwd /etc/passwd \\"
 echo " --ro-bind /etc/group /etc/group \\"
 echo " --ro-bind /etc/hosts /etc/hosts \\"
@@ -336,7 +346,7 @@ exec bwrap \
 --bind /nix/var/nix /nix/var/nix \
 --ro-bind /etc/resolv.conf /etc/resolv.conf \
 --ro-bind /etc/ssl /etc/ssl \
- --ro-bind /etc/static /etc/static \
+ "${CONDITIONAL_MOUNTS[@]}" \
 --ro-bind /etc/passwd /etc/passwd \
 --ro-bind /etc/group /etc/group \
 --ro-bind /etc/hosts /etc/hosts \
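Review bot: The `-d /etc/static` probe and the `CONDITIONAL_MOUNTS` array could be replaced by bubblewrap's own optional bind, `--ro-bind-try /etc/static /etc/static`, which skips a source that does not exist. The `--dry-run` listing and the `exec bwrap` argument list would then stay two identical literal lines, so the printed command cannot drift from the executed one and no print loop is needed. If the array is kept (for example to support an older bwrap without the `-try` options), the comment should say why the mount is conditional, e.g. `# bwrap aborts when a bind source is missing; /etc/static exists only on NixOS`.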
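Review bot: `local cm_i=0` sits in what appears to be top-level code (the hunk context `if [[ "$DRY_RUN" == true ]]; then` starts at column 0, outside any function), and bash rejects `local` there with "can only be used in a function". The loop then only works because an unset `cm_i` evaluates to 0 in arithmetic; if the script runs under `set -e` or `set -u` (not visible here), `--dry-run` aborts before the remaining mounts are printed, and that output is what a user relies on to audit what the sandbox exposes. Use a plain assignment, `cm_i=0`. The fixed stride of 3 also assumes every entry is one flag with exactly two operands, which deserves a comment next to the array, such as `# each entry: FLAG SRC DEST`. The enclosing `if`/`{` block starts before and ends after this hunk.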
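Review bot: On hosts without `/etc/static` the array is empty, and bash releases before 4.4 treat `"${CONDITIONAL_MOUNTS[@]}"` on an empty array as an unbound variable when `set -u` is active. If the script enables `set -u` (not visible in this hunk), `exec bwrap` would fail on exactly the non-NixOS hosts this change targets. The spelling that works on every bash version is `${CONDITIONAL_MOUNTS[@]+"${CONDITIONAL_MOUNTS[@]}"} \`. The `exec bwrap` command continues past the end of the hunk.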