Fix EACCES error in chmod_recursive during cleanup

Keno · claude · staticfloat · commit 646016060e04 · 2026-02-19T21:15:08.000-08:00
The condition `isdir(path) && !islink(path)` calls `isdir` first, which uses `stat()` and follows symlinks. In overlay upper directories, symlinks created inside the sandbox (e.g. Claude Code task output files) point to paths like `/root/.claude/...` that are inaccessible from the host (the host user can't traverse `/root/`). `stat()` follows the symlink and fails with EACCES. Fix by checking `!islink(path)` first. `islink` uses `lstat()` which operates on the symlink itself without following it, so it succeeds. When `islink` returns true, short-circuit evaluation skips the `isdir` call entirely, avoiding the EACCES error. Fixes Keno/ClaudeBox.jl#24 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/src/UserNamespaces.jl b/src/UserNamespaces.jl
@@ -28,7 +28,7 @@ function chmod_recursive(root::String, perms, use_sudo::Bool)
                 rethrow(e)
             end
         end
-        if isdir(path) && !islink(path)
+        if !islink(path) && isdir(path)
             chmod_recursive(path, perms, use_sudo)
         end
     end
diff --git a/test/UserNamespaces.jl b/test/UserNamespaces.jl
@@ -5,6 +5,31 @@ if Sys.islinux()
     @test Sandbox.check_kernel_version()
 end
 
+@testset "chmod_recursive with dangling/inaccessible symlinks" begin
+    mktempdir() do dir
+        # Create a directory tree similar to an overlay upper dir
+        tasks_dir = joinpath(dir, "upper", "rootfs", "tmp", "tasks")
+        mkpath(tasks_dir)
+
+        # Create a symlink pointing to an inaccessible path (simulates a
+        # symlink created inside a sandbox that points through /root/ which
+        # the host user cannot traverse after the sandbox exits)
+        symlink("/root/.claude/nonexistent/agent.jsonl", joinpath(tasks_dir, "abc1234.output"))
+
+        # Also create a regular file to ensure it's still processed
+        touch(joinpath(tasks_dir, "regular.txt"))
+        chmod(joinpath(tasks_dir, "regular.txt"), 0o000)
+
+        # This should not throw — previously it would because `isdir(path)`
+        # was checked before `islink(path)`, and `isdir` uses `stat()` which
+        # follows symlinks to the inaccessible target.
+        @test nothing === Sandbox.chmod_recursive(dir, 0o777, false)
+
+        # Verify the regular file got chmod'd
+        @test filemode(joinpath(tasks_dir, "regular.txt")) & 0o777 == 0o777
+    end
+end
+
 if executor_available(UnprivilegedUserNamespacesExecutor)
     @testset "UnprivilegedUserNamespacesExecutor" begin
         with_executor(UnprivilegedUserNamespacesExecutor) do exe
