Created
April 30, 2026 14:07
-
-
Save bbinet/ee0c9c8442d7fb4ad918b622f62f5491 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "meta": { | |
| "name": "claude-test", | |
| "version": "1.0.0" | |
| }, | |
| "extends": "claude-code", | |
| "filesystem": { | |
| "allow": [ | |
| "$HOME/dev/salt-setupify" | |
| ], | |
| "read": [], | |
| "write": [], | |
| "read_file": [ | |
| "$HOME/.global_ignore" | |
| ], | |
| "allow_file": [] | |
| }, | |
| "policy": { | |
| "add_deny_access": [ | |
| "$HOME/dev/salt-setupify/.tmp/reclass", | |
| "$HOME/dev/salt-setupify/.ssh", | |
| "$HOME/dev/salt-setupify/compose", | |
| "$HOME/dev/salt-setupify/clone.sh" | |
| ] | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bruno@k-wrk-1:~/dev/salt-setupify $ nono run --allow-cwd --profile claude-test -- cat /home/bruno/dev/salt-setupify/Makefile | |
| nono v0.45.0 | |
| 2026-04-30T14:04:41.013592Z WARN Landlock cannot enforce deny '/home/bruno/dev/salt-setupify/.tmp/reclass' overlaps allowed parent '/home/bruno/dev/salt-setupify' (source: profile). This deny has no effect on Linux. | |
| 2026-04-30T14:04:41.013625Z WARN Landlock cannot enforce deny '/home/bruno/dev/salt-setupify/.ssh' overlaps allowed parent '/home/bruno/dev/salt-setupify' (source: profile). This deny has no effect on Linux. | |
| 2026-04-30T14:04:41.013648Z WARN Landlock cannot enforce deny '/home/bruno/dev/salt-setupify/compose' overlaps allowed parent '/home/bruno/dev/salt-setupify' (source: profile). This deny has no effect on Linux. | |
| 2026-04-30T14:04:41.013665Z WARN Landlock cannot enforce deny '/home/bruno/dev/salt-setupify/clone.sh' overlaps allowed parent '/home/bruno/dev/salt-setupify' (source: profile). This deny has no effect on Linux. | |
| 2026-04-30T14:04:41.013708Z ERROR Sandbox initialization failed: Landlock deny-overlap is not enforceable on Linux. Refusing to start with conflicting policy. | |
| Remove the broad allow path, remove the deny path, or restructure permissions. | |
| Conflicts: | |
| - deny '/home/bruno/dev/salt-setupify/.ssh' overlaps allowed parent '/home/bruno/dev/salt-setupify' (source: profile) | |
| - deny '/home/bruno/dev/salt-setupify/.tmp/reclass' overlaps allowed parent '/home/bruno/dev/salt-setupify' (source: profile) | |
| - deny '/home/bruno/dev/salt-setupify/clone.sh' overlaps allowed parent '/home/bruno/dev/salt-setupify' (source: profile) | |
| - deny '/home/bruno/dev/salt-setupify/compose' overlaps allowed parent '/home/bruno/dev/salt-setupify' (source: profile) | |
| nono: Sandbox initialization failed: Landlock deny-overlap is not enforceable on Linux. Refusing to start with conflicting policy. | |
| Remove the broad allow path, remove the deny path, or restructure permissions. | |
| Conflicts: | |
| - deny '/home/bruno/dev/salt-setupify/.ssh' overlaps allowed parent '/home/bruno/dev/salt-setupify' (source: profile) | |
| - deny '/home/bruno/dev/salt-setupify/.tmp/reclass' overlaps allowed parent '/home/bruno/dev/salt-setupify' (source: profile) | |
| - deny '/home/bruno/dev/salt-setupify/clone.sh' overlaps allowed parent '/home/bruno/dev/salt-setupify' (source: profile) | |
| - deny '/home/bruno/dev/salt-setupify/compose' overlaps allowed parent '/home/bruno/dev/salt-setupify' (source: profile) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment