fix(cli): resolve permission denied in sandbox on NixOS and other distros #27004

Merged: cocosheng-g merged 1 commit into main from fix-issue-16968-sandbox-permissions, May 14, 2026
Conversation

cocosheng-g (Contributor) commented May 13, 2026

Summary

Fixes a 'permission denied' (EACCES) error when running in sandbox mode on Linux distributions like NixOS where the host user's UID is not 1000.

Details

The issue was caused by a UID/GID mismatch between the host user and the container user when mounting the configuration directory.

Key Changes:

  • Expanded OS Support: Updated distribution heuristics to automatically enable UID/GID mapping for NixOS, Arch, Fedora, and Suse/OpenSUSE. Improved detection regex to support quoted values in /etc/os-release.
  • Robust User Mapping:
    • Overhauled the entrypoint logic to handle UID/GID collisions by checking for ID existence rather than just the 'gemini' username.
    • Used groupadd -o to support non-unique GIDs (common for GID 1000).
    • Dynamically resolve the container username using id -nu ${uid} for switching via su.
  • Security Hardening:
    • Removed insecure fallback to root execution. If useradd is missing or mapping fails, the container now fails explicitly with a clear error message.
    • Implemented robust shell quoting for the host's home directory path and the resolved username to prevent command injection.
  • Improved UX: Added a proactive warning for unrecognized Linux distributions with a UID mismatch, guiding users to manually enable the fix via environment variables.

Impact on Users

  • Linux Users (NixOS, Arch, etc.): Fixes persistent 'Permission Denied' errors by automatically mapping host users into the container.
  • macOS/Windows Users: Zero impact; logic is strictly Linux-specific with no performance overhead.
  • Security: Hardens host-to-container boundaries by preventing insecure root fallback and sanitizing shell inputs.
  • Minimal Images: Provides clearer error messages for images lacking user management tools (like Alpine), ensuring users don't inadvertently run as root with host mounts.

Related Issues

Fixes #16968

How to Validate

  1. Unit Tests: Run npm test -w @google/gemini-cli -- src/utils/sandboxUtils.test.ts src/utils/sandbox.test.ts (46 tests).
  2. Manual (Linux): On a non-Debian/Ubuntu system with a non-1000 UID, run gemini -s 'Say hello'.
  3. Manual (Minimal Container): Run with a minimal image (e.g., Alpine) and verify it fails securely.

Pre-Merge Checklist

  • Updated relevant documentation and README (if needed)
  • Added/updated tests (if needed)
  • Noted breaking changes (if any)
  • Validated on required platforms/methods:
    • Linux
      • Docker

cocosheng-g requested a review from a team as a code owner, May 13, 2026 17:52
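The mapping procedure the Key Changes list above describes (os-release heuristic with quoted values, ID-based collision checks, groupadd -o, id -nu, su, and quoting of the home path and command), written out as an added example. This is not the PR's code and not gemini-cli's own sandbox.ts or sandboxUtils.ts; AUTO_MAP_DISTROS, shouldMapCurrentUser, buildEntrypoint and the SANDBOX_SET_UID_GID variable name are assumed for illustration. The script buildEntrypoint returns is what a sandbox launcher would hand to the container's shell; it is only built here, not run.

```typescript
// Added example, not gemini-cli's own sandbox.ts: a distro heuristic that
// parses /etc/os-release (quoted values included) and an entrypoint builder
// that maps the host UID/GID into the container and never falls back to root.
// AUTO_MAP_DISTROS, SANDBOX_SET_UID_GID and all function names are assumed.

const AUTO_MAP_DISTROS = new Set([
  'debian', 'ubuntu', 'nixos', 'arch', 'fedora', 'suse', 'opensuse',
]);

// Parse KEY=VALUE lines; VALUE may be bare, "double-quoted" or 'single-quoted'.
// The pattern is anchored so a value cannot smuggle in a second key.
function parseOsRelease(text: string): Map<string, string> {
  const out = new Map<string, string>();
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;
    const m = /^([A-Za-z_][A-Za-z0-9_]*)=(?:"([^"]*)"|'([^']*)'|(.*))$/.exec(line);
    if (m) out.set(m[1], m[2] ?? m[3] ?? m[4] ?? '');
  }
  return out;
}

interface MappingDecision {
  map: boolean;
  warning?: string;
}

// A 1000/1000 host user already matches the image's default user, so no
// mapping is needed; otherwise map automatically on recognised distros and
// warn (rather than guess) on unrecognised ones.
function shouldMapCurrentUser(
  osRelease: string, hostUid: number, hostGid: number,
): MappingDecision {
  if (hostUid === 1000 && hostGid === 1000) return { map: false };
  const info = parseOsRelease(osRelease);
  const ids = [info.get('ID') ?? '', ...(info.get('ID_LIKE') ?? '').split(/\s+/)]
    .map((s) => s.toLowerCase())
    .filter((s) => s !== '');
  if (ids.some((id) => AUTO_MAP_DISTROS.has(id))) return { map: true };
  return {
    map: false,
    warning:
      `host uid/gid ${hostUid}/${hostGid} differs from the container default ` +
      `1000/1000 on unrecognised distro '${ids[0] ?? 'unknown'}'; set ` +
      'SANDBOX_SET_UID_GID=true (assumed variable name) if mounted files give EACCES',
  };
}

// Single-quote a value for POSIX sh: inside single quotes nothing is special
// except the quote itself, which becomes '\'' (close, literal quote, reopen).
function shQuote(s: string): string {
  return `'${s.replace(/'/g, `'\\''`)}'`;
}

// Build the entrypoint. uid/gid are interpolated only after an integer check;
// every string (home path, command words) goes through shQuote.
function buildEntrypoint(
  uid: number, gid: number, hostHome: string, command: string[],
): string {
  for (const n of [uid, gid]) {
    if (!Number.isInteger(n) || n < 0) throw new Error(`invalid id: ${n}`);
  }
  const cmd = command.map(shQuote).join(' ');
  return [
    'set -eu',
    // Minimal images (Alpine) have no useradd: fail loudly instead of running as root.
    'command -v useradd >/dev/null 2>&1 || {',
    '  echo "sandbox: useradd not found; refusing to run as root with host mounts" >&2; exit 1; }',
    // Look the IDs up, not the name "gemini": the id may already exist under
    // another name, and "gemini" may already own a different id.
    `if ! getent group ${gid} >/dev/null; then`,
    `  gname=gemini; getent group "$gname" >/dev/null && gname="gemini-${gid}"`,
    `  groupadd -o -g ${gid} "$gname"`,
    'fi',
    `if ! getent passwd ${uid} >/dev/null; then`,
    `  uname=gemini; getent passwd "$uname" >/dev/null && uname="gemini-${uid}"`,
    `  useradd -o -M -u ${uid} -g ${gid} -d ${shQuote(hostHome)} -s /bin/sh "$uname"`,
    'fi',
    // Resolve whoever owns the uid now and refuse anything but a non-root user.
    `user=$(id -nu ${uid}) || { echo "sandbox: no passwd entry for uid ${uid}" >&2; exit 1; }`,
    `[ -n "$user" ] && [ "$user" != root ] || { echo "sandbox: refusing to run as root" >&2; exit 1; }`,
    `exec su -s /bin/sh -c ${shQuote(cmd)} "$user"`,
  ].join('\n');
}
```

The two things worth copying are the order of checks and the quoting boundary: the script tests for the numeric IDs first (so a pre-existing GID 1000 under another name is reused via -o rather than fought over), and the only values that reach the shell unquoted are integers the builder has already validated. Validation step 3 above (run against Alpine and verify it fails securely) corresponds to the command -v useradd guard: the container exits non-zero before any host mount is touched as root.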
gemini-code-assist (Contributor) commented
Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses permission denied (EACCES) errors occurring in sandbox mode on Linux distributions where the host user's UID is not 1000. By improving distribution detection and implementing a more robust, defensive entrypoint script, the changes ensure that the sandbox environment correctly handles user mapping across a wider range of Linux environments while maintaining compatibility with minimal container images.

Highlights

  • Expanded Linux Distribution Support: Updated heuristics in shouldUseCurrentUserInSandbox to automatically enable UID/GID mapping for NixOS, Arch, Fedora, and Suse.
  • Defensive Container Entrypoint: Modified the entrypoint to check for useradd availability, ensuring compatibility with minimal container images like Alpine.
  • Proactive User Warnings: Added a warning mechanism for unrecognized Linux distributions when a UID mismatch is detected, providing guidance on manual configuration.

cocosheng-g force-pushed the fix-issue-16968-sandbox-permissions branch from eb536d2 to 0238082, May 13, 2026 17:55
gemini-code-assist Bot left a comment

Code Review

This pull request enhances sandbox compatibility across various Linux distributions by expanding the list of supported distros (including NixOS, Arch, Fedora, and Suse) and implementing a defensive entrypoint that checks for useradd availability before attempting user mapping. It also introduces a warning for potential UID mismatches on unrecognized Linux systems and includes corresponding unit tests. Feedback was provided to improve the robustness of the shell commands, specifically regarding the handling of spaces in home directory paths, ensuring non-unique GID support for groupadd, and improving the script's formatting for better readability.

Comment thread packages/cli/src/utils/sandbox.ts Outdated
cocosheng-g force-pushed the fix-issue-16968-sandbox-permissions branch from 0238082 to ad0d6af, May 13, 2026 17:59
github-actions Bot commented May 13, 2026

Size Change: +882 B (0%)

Total Size: 34.1 MB

Every removed chunk below is matched by a new content-hashed chunk of the same size (pairs inferred from the reported sizes); the only file whose size moved is the gemini chunk.

Filename (old → new) Size (old → new)
./bundle/gemini-AF4SYAZ5.js → ./bundle/gemini-YELSAWIA.js 587 kB → 588 kB
./bundle/chunk-2NOBESZO.js → ./bundle/chunk-E6HY6FTH.js 19.5 kB (unchanged)
./bundle/chunk-72RQL7GE.js → ./bundle/chunk-LP7O66IS.js 49.2 kB (unchanged)
./bundle/chunk-A4XWDYZK.js → ./bundle/chunk-EYTEKNLD.js 3.43 kB (unchanged)
./bundle/chunk-LQEJ2VAV.js → ./bundle/chunk-WZETNQZW.js 659 kB (unchanged)
./bundle/chunk-NPX5K6MP.js → ./bundle/chunk-JUCPFMTA.js 3.8 kB (unchanged)
./bundle/chunk-SNUKETL6.js → ./bundle/chunk-HEGCTUPF.js 12.5 kB (unchanged)
./bundle/chunk-TAJKYYTI.js → ./bundle/chunk-UVNUCQXO.js 14.8 MB (unchanged)
./bundle/chunk-Z2553FGZ.js → ./bundle/chunk-T47IFTYZ.js 2.79 MB (unchanged)
./bundle/core-W4RXIU4D.js → ./bundle/core-LZYX5KHB.js 49.3 kB (unchanged)
./bundle/devtoolsService-7ZZY2TQV.js → ./bundle/devtoolsService-KKNCBVIR.js 28 kB (unchanged)
./bundle/interactiveCli-R36YKXKW.js → ./bundle/interactiveCli-KE2AXQNB.js 1.3 MB (unchanged)
./bundle/liteRtServerManager-V7SQDDIT.js → ./bundle/liteRtServerManager-OHR7GOYO.js 2.11 kB (unchanged)
./bundle/oauth2-provider-WQ5AVQLG.js → ./bundle/oauth2-provider-VJSOAN4J.js 9.16 kB (unchanged)
./bundle/cleanup-45R5JOQG.js → ./bundle/cleanup-4CMRBFQP.js 932 B (unchanged)
./bundle/start-ZOGEZGEH.js → ./bundle/start-6ERGZGCL.js 652 B (unchanged)

Unchanged (0 B delta): ./bundle/bundled/third_party/index.js 8 MB; ./bundle/chunk-34MYV7JD.js 2.45 kB; ./bundle/chunk-5AUYMPVF.js 858 B; ./bundle/chunk-5PS3AYFU.js 1.18 kB; ./bundle/chunk-664ZODQF.js 124 kB; ./bundle/chunk-7BNI4AA2.js 1.98 MB; ./bundle/chunk-DAHVX5MI.js 206 kB; ./bundle/chunk-IUUIT4SU.js 56.5 kB; ./bundle/chunk-RJTRUG2J.js 39.8 kB; ./bundle/devtools-36NN55EP.js 696 kB; ./bundle/dist-T73EYRDX.js 356 B; ./bundle/events-XB7DADIJ.js 418 B; ./bundle/examples/hooks/scripts/on-start.js 188 B; ./bundle/examples/mcp-server/example.js 1.43 kB; ./bundle/gemini.js 5.1 kB; ./bundle/getMachineId-bsd-TXG52NKR.js 1.55 kB; ./bundle/getMachineId-darwin-7OE4DDZ6.js 1.55 kB; ./bundle/getMachineId-linux-SHIFKOOX.js 1.34 kB; ./bundle/getMachineId-unsupported-5U5DOEYY.js 1.06 kB; ./bundle/getMachineId-win-6KLLGOI4.js 1.72 kB; ./bundle/memoryDiscovery-URNH4AK4.js 980 B; ./bundle/multipart-parser-KPBZEGQU.js 11.7 kB; ./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js 222 kB; ./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js 229 kB; ./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js 13.4 kB; ./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js 132 B; ./bundle/sandbox-macos-permissive-open.sb 890 B; ./bundle/sandbox-macos-permissive-proxied.sb 1.31 kB; ./bundle/sandbox-macos-restrictive-open.sb 3.36 kB; ./bundle/sandbox-macos-restrictive-proxied.sb 3.56 kB; ./bundle/sandbox-macos-strict-open.sb 4.82 kB; ./bundle/sandbox-macos-strict-proxied.sb 5.02 kB; ./bundle/src-QVCVGIUX.js 47 kB; ./bundle/tree-sitter-7U6MW5PS.js 274 kB; ./bundle/tree-sitter-bash-34ZGLXVX.js 1.84 MB.

Reported by compressed-size-action.

cocosheng-g (Contributor, Author) commented:

/gemini review

gemini-code-assist Bot left a comment

Code Review

This pull request introduces defensive entrypoint logic to the sandbox to support minimal container images and expands automatic UID/GID mapping to additional Linux distributions like NixOS, Arch, and Fedora. Feedback highlights a security risk where the fallback to root execution could lead to privilege escalation, suggesting an explicit error instead. Additionally, there are concerns regarding potential command injection via unescaped home directory paths and a recommendation to use anchored regular expressions for more reliable OS distribution detection in /etc/os-release.

Comment thread packages/cli/src/utils/sandbox.ts
Comment thread packages/cli/src/utils/sandbox.ts Outdated
Comment thread packages/cli/src/utils/sandboxUtils.ts Outdated
gemini-cli Bot added labels, May 13, 2026: priority/p1 (Important and should be addressed in the near term), priority/p2 (Important but can be addressed in a future release), area/core (Issues related to User Interface, OS Support, Core Functionality), area/enterprise (Issues related to Telemetry, Policy, Quota / Licensing), 🔒 maintainer only (⛔ Do not contribute. Internal roadmap item.)
cocosheng-g force-pushed the fix-issue-16968-sandbox-permissions branch from ad0d6af to 18b87f4, May 13, 2026 18:28
cocosheng-g (Contributor, Author) commented:

/gemini review

gemini-code-assist Bot left a comment

Code Review

This pull request expands the list of supported Linux distributions for automatic UID/GID mapping in the sandbox and introduces a defensive entrypoint script to handle user creation more robustly. Review feedback pointed out that the distribution detection regex lacks support for quoted values and identified potential GID mismatches in the user setup logic.

Comment thread packages/cli/src/utils/sandbox.ts Outdated
Comment thread packages/cli/src/utils/sandboxUtils.ts
cocosheng-g force-pushed the fix-issue-16968-sandbox-permissions branch from 18b87f4 to 6232e05, May 13, 2026 18:38
cocosheng-g (Contributor, Author) commented:

/gemini review

gemini-code-assist Bot left a comment

Code Review

This pull request improves sandbox UID/GID mapping by expanding Linux distribution support and introducing a defensive entrypoint script that checks for user management tools. A security issue was identified in the new entrypoint logic where a failure in UID mapping could lead to an insecure fallback to root execution; a code suggestion was provided to validate the username before switching users.

Comment thread packages/cli/src/utils/sandbox.ts
cocosheng-g force-pushed the fix-issue-16968-sandbox-permissions branch from 6232e05 to a2c9a53, May 13, 2026 18:52
cocosheng-g (Contributor, Author) commented:

/gemini review

gemini-code-assist Bot left a comment

Code Review

This pull request improves sandbox user management by introducing a defensive entrypoint that verifies 'useradd' availability before performing UID/GID mapping. It also extends automatic user mapping support to additional Linux distributions like NixOS, Arch, Fedora, and Suse, while adding warnings for UID mismatches on unrecognized systems. I have no feedback to provide as no review comments were present.

cocosheng-g force-pushed the fix-issue-16968-sandbox-permissions branch from a2c9a53 to 7ad1048, May 13, 2026 19:15
cocosheng-g enabled auto-merge, May 13, 2026 20:34
cocosheng-g added this pull request to the merge queue, May 14, 2026
Merged via the queue into main with commit 456d1ae May 14, 2026
46 of 47 checks passed
cocosheng-g deleted the fix-issue-16968-sandbox-permissions branch, May 14, 2026 17:53
Labels: area/core, area/enterprise, 🔒 maintainer only, priority/p1, priority/p2

Development: successfully merging this pull request may close the issue "permission denied with sandbox mode".

2 participants