From ced7c593d9a37be2c7857b39cb8ceafc955fb368 Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Tue, 10 Feb 2026 21:28:31 +0000
Subject: [PATCH] devenv: Disable apt sandboxing in nested containers
Add APT::Sandbox::User "root" configuration to prevent setgroups failures when running apt in nested user namespace environments. This fixes apt package installation failures that occur when the container's user namespace mapping causes large UIDs/GIDs that exceed system limits.
Assisted-by: OpenCode (Sonnet 4.5)
---
devenv/Containerfile.debian | 3 +++
1 file changed, 3 insertions(+)
diff --git a/devenv/Containerfile.debian b/devenv/Containerfile.debian
index 4a1ea3b..d0588d8 100644
--- a/devenv/Containerfile.debian
+++ b/devenv/Containerfile.debian
@@ -7,6 +7,9 @@ RUN ln -sfr /bin/bash /bin/sh RUN < /etc/apt/apt.conf.d/99sandbox-disable + # Initialize some basic packages apt -y update && apt -y install curl time bzip2
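Review bot: Writing `/etc/apt/apt.conf.d/99sandbox-disable` at build time turns off apt's privilege drop for every later apt run in this image, not only for runs inside a nested user namespace. With `APT::Sandbox::User "root"` the download methods that fetch and parse network data run as root instead of the unprivileged `_apt` user, so the setting gives up a layer of privilege separation to work around the setgroups failure. The heredoc's added lines are not fully visible here, so this assumes the file holds just that one option. If so, consider gating it behind a build argument that defaults to off, or at minimum record the trade-off next to it, e.g. `# Runs apt fetch methods as root; needed only where setgroups fails in nested user namespaces.`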