fix: EROFS on cache volumes, Claude Code native install, dynamic workdir#56
Merged
fix: EROFS on cache volumes, Claude Code native install, dynamic workdir#56
Conversation
added 2 commits
March 18, 2026 16:35
… dynamic workdir Remove EROFS-causing read-only mount enforcement on complete cache volumes -- all cache states now mount read-write, eliminating the `readonly` field from CacheMount and `is_readonly()` from CacheState. Replace npm-based Claude Code install with the native curl installer (claude.ai/install.sh) so Claude manages its own updates independently of nvm/Node. Add ~/.claude to skel and bootstrap skeleton list. Derive container workdir from the project folder name (e.g. /my-app instead of /workspace), with a blocklist for system directory names. Simplify setup_cache_for_lockfile to return a plain bool instead of an unused (CacheState, bool) tuple.
Add ssh-agent to blocked workdir names to prevent mount conflict when project directory is named ssh-agent (overlays the SSH agent socket mount point at /ssh-agent).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Three post-v1.5.0 fixes:
EROFS fix: Remove read-only (
:ro) mount enforcement onCompletecache volumes. TheComplete → :rodesign blocked legitimate operations likenpm install -g(bootstrap),npx(runtime), andcargo install. Content-addressing (same lockfile = same volume) is the real protection —:roadded no security value inside a sandboxed container.Claude Code native installer: Replace
npm install -g @anthropic-ai/claude-codewith the official native installer (curl -fsSL https://claude.ai/install.sh | bash). Adds~/.claude/binto PATH,/etc/skel, and bootstrap skeleton.Dynamic workdir: Derive container workdir from project folder name (e.g.,
~/Sandbox/minotaur→/minotaur) instead of always/workspace. Blocklist prevents overlay on system dirs. Customcontainer.workdirconfig is respected.Test plan
cargo clippy -- -D warningscleancargo fmt --checkcleanmino run→ no EROFS during bootstrap ornpxclaude doctorshows native install/{project_name}