diff --git a/nix/templates/harness-base.nix b/nix/templates/harness-base.nix
index 359adc3..62fa305 100644
--- a/nix/templates/harness-base.nix
+++ b/nix/templates/harness-base.nix
@@ -347,6 +347,14 @@
 "flakes"
 ];
 
+# Containers bind-mount the host's nix-daemon socket. The host daemon
+# may be configured with remote builders or strict sandbox settings
+# (sandbox-fallback = false) that make local `nix build` invocations
+# fail inside the container. Enable sandbox-fallback so builds that
+# can't set up the sandbox (no user-namespaces in nspawn) fall back
+# to unsandboxed local builds rather than failing outright.
+nix.settings.sandbox-fallback = true;
+
 # `claude-code` is unfree. Each per-agent container's nixosConfiguration
 # evaluates its own `nixpkgs` instance, so the operator's host-level
 # `nixpkgs.config.allowUnfreePredicate` does not propagate into here —
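Review bot: `nix.settings.sandbox-fallback = true;` writes to the container's nix.conf, but the comment above it says builds go through the bind-mounted host nix-daemon socket, and sandbox setup is decided by the daemon that runs the build, not by the client — so this setting is presumably only honoured when the container user is in the daemon's `trusted-users` (or when nix falls back to a local store), and the "no user-namespaces in nspawn" rationale does not obviously apply to a sandbox the host daemon creates. Where it does take effect, it silently turns a sandbox failure into an unsandboxed build for an agent-driven container, which is a weaker isolation posture than the surrounding comment conveys; if that is the intended trade-off, state it and where it applies, e.g. `# NOTE: honoured only for trusted-users / local-store builds; when it fires the build runs with no sandbox.` If the real goal is to tolerate strict host-daemon settings, setting this in the host daemon's nix.conf (or adding the container user to `trusted-users`) is the lever that actually reaches the daemon. The enclosing attribute set starts and ends outside the hunk.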