Sandboxing blocks access to the .git file of a git worktree

Where does the bug appear (feature/product)?

Cursor IDE & Cursor CLI

Describe the Bug

When in a worktree, the sandbox incorrectly blocks reading of the .git worktree pointer file. It should allow read access to it. Without that, all git operations in a worktree fail under the sandbox.

Steps to Reproduce

  1. Create a git worktree from a git repository
  2. Open Cursor IDE/CLI with sandboxing enabled in the new worktree
  3. Instruct the agent to e.g. run git log - it is unable to do so, running the command fails in the sandbox
  4. Even trying to run cat .git fails

The chain of failure

  1. Git opens .git (the worktree pointer file) to learn where the real repo is
  2. Sandbox blocks this read (EACCES)
  3. Git dies immediately — it never gets to discover the gitdir path
  4. All git commands fail in the sandbox

Expected Behavior

The agent should be able to run cat .git just fine when in a worktree and under sandbox.

Subsequently, any git command should succeed (after adding the “full repo” path to additionalReadwritePaths)

Operating System

Linux

Version Information

Version: 2.6.12
VSCode Version: 1.105.1
Commit: 1917e900a0c4b0111dc7975777cfff60853059d0
Date: 2026-03-04T21:41:18.914Z
Build Type: Stable
Release Track: Default
Electron: 39.6.0
Chromium: 142.0.7444.265
Node.js: 22.22.0
V8: 14.2.231.22-electron.0
OS: Darwin arm64 25.1.0

(remote development, ssh’d to a linux machine)
About Cursor CLI - on the remote machine:

CLI Version 2026.02.27-e7d2ef6
Model Claude 4.6 Opus
OS linux (x64)
Terminal unknown
Shell bash

Additional Information

This seems to be a sandboxing issue - happens both in IDE and CLI.

Does this stop you from using Cursor

No - Cursor works, but with this issue

Instructing the agent to run stat .git under the sandbox gives:

  File: .git
  Size: 0         	Blocks: 0          IO Block: 4096   regular empty file
Device: f7h/247d	Inode: 2           Links: 1
Access: (0000/----------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2026-03-06 18:03:07.378678129 +0100
Modify: 2026-03-06 18:03:07.378678129 +0100
Change: 2026-03-06 18:03:07.378678129 +0100
 Birth: 2026-03-06 18:03:07.378678129 +0100
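
A diagnostic sketch for the chain of failure in the report above, added here as an example and not part of the original post or of Cursor's code. It reads the worktree's .git pointer file as in step 1, reports when that read is blocked, and prints the repository directories the worktree depends on (the "full repo" path the report mentions). The function names and return codes are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added diagnostic example; function names and return codes are assumptions.

# Print the gitdir that a linked worktree's .git pointer file refers to.
# Returns: 0 ok, 2 .git unreadable (the sandbox case), 3 not a pointer file,
#          4 pointer target not reachable.
read_gitdir_pointer() {
    local wt="$1" dotgit="$1/.git" line="" target
    [ -f "$dotgit" ] || return 3      # a directory here means a main checkout
    [ -r "$dotgit" ] || return 2      # EACCES: git dies at this step
    IFS= read -r line < "$dotgit" || [ -n "$line" ] || return 3
    case $line in
        "gitdir: "*) target=${line#gitdir: } ;;
        *) return 3 ;;                # e.g. an empty placeholder file
    esac
    # A relative pointer is resolved against the worktree directory.
    case $target in /*) ;; *) target="$wt/$target" ;; esac
    (cd "$target" 2>/dev/null && pwd -P) || return 4
}

# Print, one per line, the directories git must reach from a linked worktree:
# the per-worktree gitdir and the shared ("common") repository directory.
worktree_required_paths() {
    local wt="$1" gitdir common=""
    gitdir=$(read_gitdir_pointer "$wt") || return $?
    echo "$gitdir"
    # commondir holds a path (usually ../..) relative to the per-worktree gitdir.
    if [ -r "$gitdir/commondir" ]; then
        IFS= read -r common < "$gitdir/commondir" || [ -n "$common" ] || return 4
        case $common in /*) ;; *) common="$gitdir/$common" ;; esac
        (cd "$common" 2>/dev/null && pwd -P) || return 4
    fi
}

# Stand-alone use: bash worktree_check.sh --check /path/to/worktree
if [ "${1:-}" = "--check" ]; then
    worktree_required_paths "${2:-.}" || case $? in
        2) echo ".git exists but cannot be read (blocked pointer file)" >&2 ;;
        3) echo "not a linked worktree (.git is not a pointer file)" >&2 ;;
        *) echo "pointer target or commondir is not reachable" >&2 ;;
    esac
fi
```

Return code 2 corresponds to step 2 of the chain of failure; code 4 indicates the pointer was readable but the repository it names is not reachable from inside the sandbox.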

Hi Matej!

Thanks for the excellent file report. I’ve filed this with the team.

Unfortunately, I think the only workaround at the moment is to not use the sandbox.

How does one disable the sandbox?

@mikej96 In the IDE, go to Cursor Settings > Agents > Auto-Run Mode and set it to Ask Every Time or Run Everything.

With the Cursor CLI, type /sandbox to enable or disable it.
