- Host: macOS 15 (Darwin 25.3.0), Apple Silicon (arm64)
- Container runtime: Docker Desktop (daemon running and verified)
- Leash: version 1.1.7 (git hash 5bf1c64, build 2026-03-11), installed via `npm install -g @strongdm/leash`
## Symptom

`leash --policy <file> claude` consistently fails during bootstrap with:
```
target container terminated before bootstrap completed (state=exited (exit=1)).
Recent docker logs (powercampus):
leash-entry: waiting for leash certificate
leash-entry: installing CA certificate
leash-entry: updating CA certificates
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
leash-error: failed to signal bootstrap completion: create temp marker: open /leash/bootstrap.ready.NNN: permission denied
```
The CA cert install (which exercises Cedar permits on `/etc/`, `/lib/`, `/usr/sbin/`) succeeds — the failure is specifically when `leash-entry` (inside the target container) tries to write `/leash/bootstrap.ready.NNN` into the shared `/leash` volume.

## Verbose output
```
event=runner.private-dir.ready mode="0700" path="/var/folders/86/.../T/leash.PowerCampus.NNN/private" source="created"
Updated Cedar policy from .../leash-cedar-policy.cedar
Auto-mounted /Users//.claude (claude) -> /root/.claude (scope=project)
Auto-mounted /Users//.claude.json (claude-config) -> /root/.claude.json (scope=project)
event=runner.container-config role=target mounts=["/leash", ".../", "/root/.claude", "/root/.claude.json"] env=[...]
event=runner.container-config role=leash mounts=["/sys/fs/cgroup", "/log", "/cfg", "/leash", "/leash-private"] env=[...]
Leash CA certificate is available at /var/folders/86/.../T/leash.PowerCampus.NNN/leash-NNNN/ca-cert.pem
```
The shared `/leash` bind-mounts from `/var/folders/.../T/leash.PowerCampus.NNN/...` on the macOS host. The runner creates this temp dir at mode `0700` (observed for the sibling `/private` dir).

## Diagnosis

This appears to be a Docker Desktop bind-mount UID translation issue, not a Cedar policy issue:
- `BOOT.md` says the marker write happens during the Bootstrap phase, before LSM enforcement attaches in Activation — so Cedar should not be the blocker at this step.
- The host temp dir is owned by uid 501 (the operator's user) at mode `0700`.
- The target container's `leash-entry` process gets POSIX `EACCES` on the write into the bind-mounted `/leash`.

This is consistent with Docker Desktop's bind-mount UID translation failing to grant write access despite the container process having an effective UID that "should" be able to write (and despite normal Linux Docker semantics where container-root can write to host-mounted dirs regardless of host-side mode).
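To separate the bind-mount behaviour from Leash itself, the following added diagnostic (not part of Leash or this report) recreates the conditions described above: a `0700` host temp dir owned by the invoking user, bind-mounted at `/leash`, with a root process in the container attempting the same marker write. It assumes the `docker` CLI is on `PATH` and that `alpine:3` can be pulled; both are assumptions.

```shell
#!/bin/sh
# Added diagnostic, not Leash code: recreate the runner's conditions
# (0700 host temp dir owned by the invoking user, bind-mounted at /leash)
# and attempt the marker write leash-entry performs, as root in the
# container. Assumes the docker CLI is on PATH and alpine:3 is pullable.

# Create a host temp dir with the mode the runner was observed to use.
# On macOS TMPDIR resolves under /var/folders, like the runner's own dir.
make_private_dir() {
  d=$(mktemp -d "${TMPDIR:-/tmp}/leash-repro.XXXXXX") || return 1
  chmod 0700 "$d" || return 1
  printf '%s\n' "$d"
}

# Octal permission bits of a path; BSD stat on macOS, GNU stat elsewhere.
mode_of() {
  case $(uname -s) in
    Darwin) stat -f '%OLp' "$1" ;;
    *)      stat -c '%a' "$1" ;;
  esac
}

# Bind-mount the dir at /leash and try the write that fails in the report.
# Returns 0 if the marker could be created, non-zero otherwise.
probe_marker_write() {
  docker run --rm -v "$1:/leash" alpine:3 \
    sh -c 'echo "container uid=$(id -u)"; : > /leash/bootstrap.ready.$$'
}

# Only run the probe when docker is actually available on this host.
if command -v docker >/dev/null 2>&1; then
  dir=$(make_private_dir)
  echo "host dir $dir mode=$(mode_of "$dir") owner_uid=$(id -u)"
  if probe_marker_write "$dir"; then
    echo "marker write into bind-mounted /leash succeeded"
  else
    echo "marker write into bind-mounted /leash failed (EACCES matches the report)"
  fi
  rm -rf "$dir"
fi
```

A failure here, with Leash and Cedar out of the picture entirely, points at the Docker Desktop file-sharing layer; success would mean the problem is specific to how the runner sets up the mount.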
## Workarounds tried — none worked

- Cedar permit `Dir::"/leash/"` for `FileOpen`, `FileOpenReadOnly`, `FileOpenReadWrite` actions. Same `EACCES`. (Confirms Cedar isn't the blocker.)
- `LEASH_HOME=$HOME/.leash-state` with `chmod 0777` on that dir. Same `EACCES`.
- Verified no stale containers / orphan processes / leftover volumes between attempts.
## Adjacent context

- A related report describes a `/var/folders` accessibility issue specific to Colima. Mine is Docker Desktop with a different symptom but seemingly the same root: shared `/leash` bind-mount permissions don't survive the host↔container UID translation on macOS.

## Minimal repro

- Install Leash 1.1.7 on macOS arm64 with Docker Desktop.
- Create a Cedar policy that permits `Dir::"/leash/"` for all `FileOpen*` actions, plus the usual `/bin`, `/usr`, `/lib`, `/etc` etc. dirs needed to get past the CA cert install (without those, the failure looks like `libc.so.6: cannot open shared object file`).
- Run `leash -V --policy <that file> claude` in any project directory.
- Bootstrap fails at the marker-write step.
Happy to share the full policy file or capture additional -V output if useful.