Document AI agent sandbox conflicts in server-AGENTS.md
Codex CLI seccomp filters block nix daemon access. Workaround: disable redundant sandbox since server provides isolation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Dan
parent
51e657d43b
commit
026f82e697
|
|
@ -88,6 +88,26 @@ Simple Unix isolation - no containers, VMs, or complex sandboxing:
|
|||
|
||||
This is a learning environment, not a hostile multi-tenant system.
|
||||
|
||||
## AI Agent Sandbox Conflicts
|
||||
|
||||
Some AI coding agents (Codex, etc.) run commands in their own sandbox with seccomp
|
||||
filters. This can block nix daemon access even though the server allows it.
|
||||
|
||||
**Symptom**: `nix store ping` or `nix develop` fails with "Operation not permitted"
|
||||
from within the agent, but works from your regular SSH session.
|
||||
|
||||
**Fix for Codex CLI**: Disable redundant sandboxing (server already provides isolation):
|
||||
|
||||
```bash
|
||||
# One-off
|
||||
codex -s danger-full-access
|
||||
|
||||
# Permanent (~/.codex/config.toml)
|
||||
sandbox_mode = "danger-full-access"
|
||||
```
|
||||
|
||||
Other agents may have similar sandbox settings - check their docs if nix commands fail.
|
||||
|
||||
## Do NOT
|
||||
|
||||
- Run `sudo` (you don't have access)
|
||||
|
|
|
|||
Loading…
Reference in a new issue