Sandbox: spurious Operation not permitted on /tmp/claude-501/cwd-* due to macOS com.apple.provenance xattr

Resolved 💬 4 comments Opened Jan 30, 2026 by tseabrook Closed Feb 28, 2026

Description

Every sandboxed Bash command produces a spurious "Operation not permitted" error and exit code 1, even though the actual command succeeds. This makes it difficult to distinguish real failures from sandbox noise.

Error

/bin/bash: /tmp/claude-501/cwd-XXXX: Operation not permitted

This appears in the output of every sandboxed Bash invocation, regardless of the command being run.

Root Cause

The /tmp/claude-501/ directory was initially created by a command that ran with dangerouslyDisableSandbox: true. macOS tags it with the com.apple.provenance extended attribute, associating it with the non-sandboxed execution context.

When a subsequent sandboxed command tries to write a cwd-* tracking file to this directory, macOS blocks the write because the sandbox process has a different provenance than the directory creator.

Removing the xattr (xattr -d com.apple.provenance /tmp/claude-501/) does not fix the issue -- the next sandboxed invocation immediately re-applies com.apple.provenance, and the problem persists.

Impact

  • Exit code: All sandboxed Bash calls return exit code 1 even on success
  • Noise: Error line appears in every command output
  • Confusion: Difficult to detect actual command failures vs sandbox artifact

Environment

  • Platform: macOS Darwin 25.1.0 (Sequoia)
  • Claude Code model: claude-opus-4-5-20251101

Possible Fixes

  1. Create /tmp/claude-501/ from within the sandbox context on first use, so provenance matches
  2. Catch and suppress the cwd-* write failure since it is non-critical
  3. Use a different mechanism for the CWD tracking that does not conflict with macOS sandbox provenance

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗