[BUG] recent seccomp change for /sandbox broke executing Windows tools from WSL
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
(I had Claude Code generate the description because it seems to have a better grasp on it that I have.)
Since approximately v2.1.92 (changelog mentions "ships the apply-seccomp helper, restoring unix-socket blocking for sandboxed commands"), the sandbox completely breaks execution of all Windows executables (.exe) from within WSL2.
WSL interop uses a Unix socket at /run/WSL/*_interop to bridge Linux-Windows process execution. The new seccomp filter blocks connect() on Unix sockets, which prevents any .exe from launching - not just those that access the network.
Steps to Reproduce
- Run Claude Code in WSL2
- Enable sandbox (
/sandbox- enabled) - Try running any Windows executable:
````
cmd.exe /c "echo hello"
Expected Behavior
cmd.exe prints hello (worked in versions prior to ~2.1.92).
Actual Behavior
<3>WSL (22 - ) ERROR: UtilConnectUnix:524: socket failed 1
Every Windows executable fails with this error. This includes:
cmd.exe /c "echo hello"(no network involved)svn.exe --version --quiet(no network involved)svn.exe status(local-only operation)- Any
.exeat all
Impact
This is a complete break for WSL2 users who rely on Windows-side tools. Common use cases:
- Subversion users:
svn.exe(Windows) must be used instead of Linuxsvnto avoid working copy corruption on NTFS mounts. Allsvn.exeoperations fail, including purely local ones likestatusanddiff. - Build systems: Many projects use
.cmdbuild scripts invoked viacmd.exe. These all fail. - Any Windows CLI tool: No Windows executable can be called from the sandbox.
Workarounds Attempted
- Adding
/run/WSLtosandbox.filesystem.allowReadinsettings.json- no effect (blocked at syscall level, not filesystem level) - Adding
/run/WSL/tosandbox.filesystem.allowWrite- no effect (same reason) - Only workaround is disabling the sandbox entirely (
/sandbox- disabled)
Suggested Fix
The seccomp filter should either:
- Allow
connect()onAF_UNIXsockets specifically to the WSL interop socket path (/run/WSL/*_interop), or - Provide a configuration option (e.g.
sandbox.allowUnixSockets: trueorsandbox.allowWslInterop: true) to opt out of Unix socket blocking on WSL2, or - Auto-detect WSL2 and skip Unix socket blocking (since WSL interop is fundamental to the platform)
Environment
- Claude Code version: 2.1.96 (issue started around 2.1.92)
- Platform: WSL2 on Windows
- WSL kernel: 6.6.87.2-microsoft-standard-WSL2
- Distro: Ubuntu 24.04.3 LTS
- bubblewrap: 0.9.0
- Sandbox mode: enabled (with auto-allow for bash commands)
What Should Happen?
cmd.exe prints hello (worked in versions prior to ~2.1.92).
Error Messages/Logs
<3>WSL (22 - ) ERROR: UtilConnectUnix:524: socket failed 1
Steps to Reproduce
- Run Claude Code in WSL2
- Enable sandbox (
/sandbox- enabled) - Try running any Windows executable:
````
cmd.exe /c "echo hello"
Claude Model
Opus
Is this a regression?
Yes, this worked in a previous version
Last Working Version
_No response_
Claude Code Version
2.1.96
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
WSL (Windows Subsystem for Linux)
Additional Information
In case it matters: I am using Ubuntu under WSL:
uname -r && cat /proc/version 2>/dev/null | head -1
6.6.87.2-microsoft-standard-WSL2
Linux version 6.6.87.2-microsoft-standard-WSL2 (root@439a258ad544) (gcc (GCC) 11.2.0, GNU ld
(GNU Binutils) 2.37) #1 SMP PREEMPT_DYNAMIC Thu Jun 5 18:30:46 UTC 2025
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗