[Bug] Sandbox blocks cwd-tracking writes on macOS, causing all bash commands to exit with code 1
Bug Description
Description:
When sandboxing is enabled (auto-allow mode) on macOS, every bash command fails with exit code 1 and the following error:
zsh:1: operation not permitted: /tmp/claude-502/cwd-<hash>
This occurs even for commands with no filesystem side effects (e.g., echo "hello"). The command itself executes and returns correct
output, but zsh exits with code 1 due to the sandbox blocking writes to the cwd-tracking file.
Steps to reproduce:
- Enable sandbox (auto-allow mode) via /sandbox
- Run any bash command, e.g. echo "hello"
- Observe exit code 1 and zsh: operation not permitted: /tmp/claude-502/cwd-<hash> in stderr
Expected behavior:
Claude Code's internal cwd-tracking mechanism (/tmp/claude-{uid}/cwd-*) should be whitelisted in the sandbox policy by default,
since it is an internal implementation detail of the Bash tool itself.
Attempted workaround:
Adding the following to settings.json does not resolve the issue:
"sandbox": {
"filesystem": {
"allowWrite": [
"//tmp/claude-502/**",
"//private/tmp/claude-502/**"
]
}
}
The internal sandbox policy includes denyWithinAllow: ["/"] which appears to override user-configured allowWrite entries for paths
under /, making it impossible to whitelist this path from settings.json.
Environment:
- macOS (Seatbelt sandbox)
- Sandbox mode: auto-allow
Environment Info
- Platform: darwin
- Terminal: iTerm.app
- Version: 2.1.72
- Feedback ID: 1f2ecb6e-095b-4c5a-9bc9-067122a12e96
Errors
[]This issue has 8 comments on GitHub. Read the full discussion on GitHub ↗