CLAUDE_CODE_SUBPROCESS_ENV_SCRUB silently overrides sandbox.enabled:false with no warning
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Setting CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1 silently forces bubblewrap sandbox activation, overriding sandbox.enabled: false and sandbox.failIfUnavailable: false in settings.json. No warning, no log, and the error produced looks like a kernel capability issue — not a config conflict.
What Should Happen?
sandbox.enabled: false should disable the sandbox. If an env var overrides settings.json, Claude Code should warn the user or document this behavior.
Error Messages/Logs
bwrap: Creating new namespace failed, kernel doesn't support user namespaces: Operation not permitted
Steps to Reproduce
- Set
CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1in the environment (docker-compose environment block) - Set
sandbox.enabled: falseandsandbox.failIfUnavailable: falsein settings.json - Attempt to run any Bash tool
Claude Model
None
Is this a regression?
Yes, this worked in a previous version
Last Working Version
2.1.x
Claude Code Version
claude-sonnet-4-6
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
Root cause: CLAUDE_CODE_SUBPROCESS_ENV_SCRUB=1 forces bubblewrap regardless of sandbox settings. Docker on kernels without user namespace support (Synology NAS, kernel 4.4) cannot use bubblewrap.
Fix: Remove CLAUDE_CODE_SUBPROCESS_ENV_SCRUB from the environment.
Footgun for Docker deployments — silent override + misleading error message + no documentation makes it extremely hard to diagnose.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗