I’ve set the sandbox.json settings on my machine to access my Docker daemon through ./Users/brendand/.docker, added to additionalReadwritePaths in my machine’s top-level sandbox.json, but I get permission denied while trying to connect to the Docker API at unix:////.docker/run/docker.sock when trying to pull an image from our Docker registry domain that we’ve allowlisted in our enterprise settings.
This is on macOS. Any ideas?
Claude is giving me this
“Still failing. The issue may be that on macOS, the sandbox-exec (seatbelt) implementation has specific restrictions on Unix domain sockets that can’t be lifted via file path permissions alone. The sandbox.json file path configuration might work for regular files but not for Unix sockets.
This could be a bug or limitation in Cursor’s sandbox implementation on macOS. The docs example shows “/home/me/.docker” which is a Linux path - it’s possible the Docker socket access via additionalReadwritePaths was only tested/implemented for Linux (which uses Landlock).”
Yes, using the official example in the sandbox configuration.
I can’t get the sandbox to work with the Docker API on my Mac using the official example additionalReadWritePaths config, and I get the permission errors quoted in my previous reply.
I can reproduce this issue and have filed a bug with the team.
In the meantime, adding "networkPolicy": { "default": "allow" } would serve as a workaround. It’s broader than ideal, but it should resolve the problem temporarily.
Whenever Cursor agent tries to run rails tests, it fails. It will always report back and say “no local MySQL”. This appears to be some limitation of how the agent runs commands.
My local MySQL server is a docker container. If I take the exact same command that Agent tried to run and paste it into my normal Cursor terminal, it works every time.
I’ve tried changing my Agent terminal settings:
auto-run in sandbox and whitelist the commands (doesn’t work)
run everything unsandboxed, still doesn’t work
Note: This used to work intermittently, but stopped working perhaps 2-3 weeks ago. Before, Cursor would try to run it in the sandbox and it would fail, then it would retry outside the sandbox and that would usually work. Now, nothing does.
Steps to Reproduce
Have a Rails app that uses a Dockerized MySQL server
Tell Agent to run tests
Watch it be unable to connect
Expected Behavior
Agent should be able to run operations that involve connecting to Docker containers on localhost
@deanrie Saw you posted on another thread and wanted to check in on whether there’s any update from the eng investigation. Has the team looked into it, or do they have any ideas on a potential way to fix this on macOS without network allow-all? Without Docker access the sandbox is pretty limited for our org’s developers right now.
Hey, @bdoyle0182! The team is aware of this issue. It’s logged and being tracked internally. There’s no ETA yet for a proper fix that works with scoped permissions (without full network access), but your enterprise user report helps us prioritize it. I get that the workaround networkPolicy: allow isn’t acceptable for an enterprise org from a security standpoint.
Hey, @troehrkasse! I can see your sandbox.json is in the right place and the config looks correct. From your other screenshot, it also looks like the Local Network permission for Cursor is enabled.
Since neither the workaround nor running without the sandbox helps, this might be related to how your Docker daemon exposes the socket. A few questions:
What exact error message does the agent get when it tries to connect? Full text, not just the short summary.
How is Docker running on your machine? Docker Desktop, Colima, OrbStack, or something else?
Can you check which socket path your Docker environment is using? Run docker context inspect in a regular terminal and share the output.
This will help us figure out if this is a different issue, separate from the sandbox bug that @bdoyle0182 reported.
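As an added diagnostic (not part of this thread and not Cursor’s or Docker’s own tooling): a small POSIX sh script that takes the JSON printed by docker context inspect, pulls out the socket endpoint, follows any symlinks on that path, and checks whether the real socket path lies under the directories you allowlisted. The embedded context JSON is a constructed Docker Desktop-style sample, the /Users/me paths are placeholders, and the premise that the sandbox matches its allowlist against the resolved socket path (rather than a symlink such as /var/run/docker.sock) is my assumption, not something the thread confirms.

```shell
#!/bin/sh
# Added diagnostic example, not from the forum thread or from Cursor/Docker.
# Assumption: the sandbox allowlist must cover the REAL path of the socket, so
# a symlinked socket (Docker Desktop on macOS serves ~/.docker/run/docker.sock
# and may link /var/run/docker.sock to it) has to be allowed where it resolves.

# Strip the unix:// scheme from a Docker host string. tcp:// and ssh:// hosts
# need no file permission at all, so they come back empty.
socket_path_from_host() {
  case "$1" in
    unix://*) printf '%s\n' "${1#unix://}" ;;
    *)        printf '\n' ;;
  esac
}

# Extract Endpoints.docker.Host from `docker context inspect` JSON without jq.
host_from_context_json() {
  printf '%s\n' "$1" \
    | grep -o '"Host": *"[^"]*"' \
    | head -n 1 \
    | sed 's/.*"Host": *"\([^"]*\)"/\1/'
}

# Follow symlinks by hand; works on macOS where readlink -f may be missing.
resolve_path() {
  p=$1
  while [ -L "$p" ]; do
    target=$(readlink "$p")
    case "$target" in
      /*) p=$target ;;
      *)  p=$(dirname "$p")/$target ;;
    esac
  done
  printf '%s\n' "$p"
}

# Return 0 if the socket path lies under one of the allowed directories.
# A trailing slash is forced so /Users/me/.docker does not cover /Users/me/.dockerx.
path_is_covered() {
  sock=$1; shift
  for dir in "$@"; do
    case "$sock" in
      "${dir%/}"/*) return 0 ;;
    esac
  done
  return 1
}

# Whole check: context JSON first, then every allowlisted directory.
check_socket_against_allowlist() {
  host=$(host_from_context_json "$1"); shift
  sock=$(socket_path_from_host "$host")
  if [ -z "$sock" ]; then
    echo "not a unix socket endpoint, no path permission needed: $host"
    return 0
  fi
  real=$(resolve_path "$sock")
  if path_is_covered "$real" "$@"; then
    echo "OK: $sock -> $real is inside the allowlist"
    return 0
  fi
  echo "NOT COVERED: $sock -> $real; allowlist $(dirname "$real") (or a parent)"
  return 1
}

# Constructed sample of `docker context inspect` output (Docker Desktop style).
SAMPLE_CONTEXT='[{"Name":"desktop-linux","Endpoints":{"docker":{"Host":"unix:///Users/me/.docker/run/docker.sock","SkipTLSVerify":false}}}]'

# Demo: the first allowlist covers the socket, the second does not.
check_socket_against_allowlist "$SAMPLE_CONTEXT" /Users/me/.docker
check_socket_against_allowlist "$SAMPLE_CONTEXT" /Users/me/project || true
```

To use it against your own machine, replace SAMPLE_CONTEXT with the real output (docker context inspect) and pass the directories from your sandbox.json allowlist. If the script reports NOT COVERED, the sandbox path rule is pointing at a symlink rather than the socket the daemon actually serves; if it reports OK and the agent still gets permission denied, that is consistent with the seatbelt Unix-socket limitation the thread discusses rather than a path mistake.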