toph/claudebox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(260410-d4u): conditionally mount /etc/static only on NixOS

Browse source 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Christopher Mühl 2026-04-10 09:29:11 +02:00
parent 1ccaf20eb4
commit 97c10f8fd4
No known key found for this signature in database
GPG key ID: 925AC7D69955293F
1 changed files with 12 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
claudebox.sh
View file

@ -288,6 +288,12 @@ else
SANDBOX_CMD=("$CLAUDE_BIN" --dangerously-skip-permissions "${CLAUDE_ARGS[@]}")
fi
# Conditional mounts for NixOS-specific paths
CONDITIONAL_MOUNTS=()
if [[ -d /etc/static ]]; then
CONDITIONAL_MOUNTS+=(--ro-bind /etc/static /etc/static)
fi
# --dry-run: print the bwrap command without executing (D-09, UX-04)
if [[ "$DRY_RUN" == true ]]; then
{
@ -306,7 +312,11 @@ if [[ "$DRY_RUN" == true ]]; then
echo " --bind /nix/var/nix /nix/var/nix \\"
echo " --ro-bind /etc/resolv.conf /etc/resolv.conf \\"
echo " --ro-bind /etc/ssl /etc/ssl \\"
echo " --ro-bind /etc/static /etc/static \\"
local cm_i=0
while (( cm_i < ${#CONDITIONAL_MOUNTS[@]} )); do
echo " ${CONDITIONAL_MOUNTS[$cm_i]} ${CONDITIONAL_MOUNTS[$((cm_i+1))]} ${CONDITIONAL_MOUNTS[$((cm_i+2))]} \\"
(( cm_i += 3 ))
done
echo " --ro-bind /etc/passwd /etc/passwd \\"
echo " --ro-bind /etc/group /etc/group \\"
echo " --ro-bind /etc/hosts /etc/hosts \\"
@ -336,7 +346,7 @@ exec bwrap \
--bind /nix/var/nix /nix/var/nix \
--ro-bind /etc/resolv.conf /etc/resolv.conf \
--ro-bind /etc/ssl /etc/ssl \
--ro-bind /etc/static /etc/static \
"${CONDITIONAL_MOUNTS[@]}" \
--ro-bind /etc/passwd /etc/passwd \
--ro-bind /etc/group /etc/group \
--ro-bind /etc/hosts /etc/hosts \