MacOS sandbox blocking Docker socket connection

Hey Colin,

I’ve set the sandbox.json settings on my machine to access my docker daemon through ./Users/brendand/.docker, added to additionalReadwritePaths in my machine’s top-level sandbox.json:

  "additionalReadwritePaths": [
    "/Users/brendand/.docker",
    "/Users/brendand/.docker/run"
  ]

but get permission denied while trying to connect to the docker API at unix:////.docker/run/docker.sock when trying to pull an image from our docker registry domain that we’ve allow-listed in our enterprise settings.

This is on MacOS. Any ideas?

Claude is giving me this

“Still failing. The issue may be that on macOS, the sandbox-exec (seatbelt) implementation has specific restrictions on Unix domain sockets that can’t be lifted via file path permissions alone. The sandbox.json file path configuration might work for regular files but not for Unix sockets.

This could be a bug or limitation in Cursor’s sandbox implementation on macOS. The docs example shows “/home/me/.docker” which is a Linux path - it’s possible the Docker socket access via additionalReadwritePaths was only tested/implemented for Linux (which uses Landlock).”
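A quick way to tell the failure modes apart when a sandboxed process cannot reach the Docker socket is to separate "the path is not visible" (ENOENT), "the path exists but is not a socket", "nothing is listening" (ECONNREFUSED) and "connect() was refused by policy" (EACCES/EPERM). The probe below is an added example, not code from the original post or from Cursor; the default socket path is the one quoted in the thread and is an assumption about the reader's setup, and `self_check()` builds its own throwaway sockets under a temporary directory so it runs without Docker. Run it once inside the sandboxed shell and once outside; a `missing` result inside and `connectable` outside points at path exposure, while `denied` inside points at a socket restriction that a read/write path entry does not lift.

```python
import errno
import os
import socket
import stat
import tempfile

# Assumed default: the socket path from the thread's sandbox.json. Adjust it
# to your own machine; it is only a placeholder taken from the post.
DEFAULT_SOCKET = "/Users/brendand/.docker/run/docker.sock"


def probe_unix_socket(path: str = DEFAULT_SOCKET, timeout: float = 1.0) -> dict:
    """Classify why a Unix domain socket is (or is not) reachable.

    status values:
      "missing"      - path does not exist (not exposed in the sandbox, or no daemon)
      "not_a_socket" - path exists but is not a socket (e.g. a stale regular file)
      "denied"       - stat() or connect() refused by policy (EACCES/EPERM)
      "refused"      - socket file exists but nothing is listening (ECONNREFUSED)
      "connectable"  - a connection was established
      "error"        - any other OSError; see errno
    """
    result = {"path": path, "status": None, "errno": None}
    try:
        st = os.stat(path)
    except FileNotFoundError:
        result["status"], result["errno"] = "missing", errno.ENOENT
        return result
    except PermissionError as e:
        # Even stat() is denied: the containing directory is not readable here.
        result["status"], result["errno"] = "denied", e.errno
        return result
    if not stat.S_ISSOCK(st.st_mode):
        result["status"] = "not_a_socket"
        return result

    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(path)
    except PermissionError as e:
        result["status"], result["errno"] = "denied", e.errno
    except ConnectionRefusedError as e:
        result["status"], result["errno"] = "refused", e.errno
    except OSError as e:
        result["status"], result["errno"] = "error", e.errno
    else:
        result["status"] = "connectable"
    finally:
        s.close()
    return result


def self_check() -> dict:
    """Exercise probe_unix_socket() against constructed local fixtures.

    Creates a listening socket, a stale socket file and a plain file in a
    temporary directory, so the check runs offline with no Docker daemon.
    """
    out = {}
    with tempfile.TemporaryDirectory() as d:
        sock_path = os.path.join(d, "docker.sock")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(sock_path)
        srv.listen(1)
        out["listening"] = probe_unix_socket(sock_path)["status"]
        srv.close()  # the socket file stays behind, but nobody listens any more
        out["stale"] = probe_unix_socket(sock_path)["status"]

        plain = os.path.join(d, "not-a-socket")
        open(plain, "w").close()
        out["regular_file"] = probe_unix_socket(plain)["status"]

        out["absent"] = probe_unix_socket(os.path.join(d, "nope.sock"))["status"]
    return out


if __name__ == "__main__":
    print("self-check:", self_check())
    print("docker socket:", probe_unix_socket())
```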

Hey @bdoyle0182

Can you walk me through what actions you’re trying to take in Cursor? Steps to reproduce would be great. 🙂

Yes, using the official example in the sandbox configuration.

I can’t get the sandbox to work with the Docker API on my Mac machine using the official example additionalReadwritePaths config, and I get the above permissioning errors from my previous reply.

Thanks @bdoyle0182, and sorry for the late reply!

I can reproduce this issue and have filed a bug with the team.

In the meantime, adding "networkPolicy": { "default": "allow" } would serve as a workaround. It’s broader than ideal, but it should resolve the problem temporarily.

Thanks Colin. Unfortunately I’m managing an enterprise org, so I can’t set up an allow-all for people. Hopefully this gets fixed soon.