Skip to content

fix: --ssh flag for running containers (issue #1189)#1214

Open
chavezMac wants to merge 2 commits intoapple:mainfrom
chavezMac:sshFlagAuthSocketFix
Open

fix: --ssh flag for running containers (issue #1189)#1214
chavezMac wants to merge 2 commits intoapple:mainfrom
chavezMac:sshFlagAuthSocketFix

Conversation

@chavezMac
Copy link

@chavezMac chavezMac commented Feb 14, 2026

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update

Motivation and Context

[Why is this change needed?]
-Issue pointed out by @vibbix, when attempting to use the --ssh flag in the container run ... command the value of SSH_AUTH_SOCK was not persisting and would result in a "The agent has no identities." as noted in the original issue.

Following the how-to documentation, future users may run into this issue as well.

Root cause: The runtime helper is started by launchd (per-container plist), so it sees launchd’s environment, not the shell that ran container run. The client’s SSH_AUTH_SOCK (e.g. from 1Password) was never passed into the container config, so the wrong socket was being used or no socket was used.

Fix: The client now captures the caller’s SSH_AUTH_SOCK when --ssh is set and stores it in the container config. The sandbox service resolves the host socket with precedence: config → runtime env → launchctl, and mounts that path into the container so the correct agent is used across stop/logout/login/restart.

Testing

  • Tested locally
  • Added/updated tests
  • Added/updated docs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chavezMac