Comment by kernc

21 hours ago

Since everyone tends to present their own solution, I bid you mine:

    sandbox-run npx @anthropic-ai/claude-code

This runs npx (...) transparently inside a Bubblewrap sandbox, exposing only the $PWD. Contrary to many other solutions, it is a few lines of pure POSIX shell.

https://github.com/sandbox-utils/sandbox-run

I like the bubblewrap approach, it just happens to be Linux-only unfortunately. And once privileges are dropped for a process it doesn't appear to be possible to reinstate them.

  • > Linux-only

    What other dev OSs are there?

    > once privileges are dropped [...] it doesn't appear to be possible to reinstate them

    I don't understand. If unprivileged code could easily re-elevate itself, privilege dropping would be meaningless ... If you need to communicate with the outside, you can do so via sockets (such as the bind-mounted X11 socket in one of the readme Examples).

    • I happen to use a Mac, even when targeting Linux so I'd have to use a container or VM anyways. It's nice how lightweight bubblewrap would be however.

      Consider one wanted to replicate the human-approval workflow that most agent harnesses offer. It's not obvious to me how that could be accomplished by dropping privileges without an escape hatch.

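One way the human-approval question at the end of the thread can be met with the sockets suggested earlier, as an added example that is not from sandbox-run or from any commenter: the sandboxed process never regains privileges, it only sends requests to a broker that stays outside the sandbox. The action names, the `approve` callback (a stand-in for the human prompt) and the `socketpair` (a stand-in for a bind-mounted socket) are assumptions.

```python
import json
import socket
import threading

def broker(conn, approve, handlers):
    """Runs OUTSIDE the sandbox and keeps its privileges.
    approve(req) -> bool stands in for the human prompt (assumption)."""
    with conn, conn.makefile("r") as rd, conn.makefile("w") as wr:
        for line in rd:
            try:
                req = json.loads(line)
                action, arg = req["action"], req["arg"]
            except (ValueError, KeyError, TypeError):
                reply = {"ok": False, "error": "malformed request"}
            else:
                if action not in handlers:      # fixed allowlist, nothing is eval'd
                    reply = {"ok": False, "error": "unknown action"}
                elif not approve(req):          # human said no
                    reply = {"ok": False, "error": "denied"}
                else:                           # broker acts on the sandbox's behalf
                    reply = {"ok": True, "result": handlers[action](arg)}
            wr.write(json.dumps(reply) + "\n")
            wr.flush()

def ask(rd, wr, action, arg):
    """Runs INSIDE the sandbox: it can only ask, never act."""
    wr.write(json.dumps({"action": action, "arg": arg}) + "\n")
    wr.flush()
    return json.loads(rd.readline())

def demo():
    outside, inside = socket.socketpair()   # stand-in for a bind-mounted socket
    # Constructed handler: a real one would perform the privileged action.
    handlers = {"git_push": lambda branch: f"pushed {branch}"}
    approve = lambda req: req["arg"] != "main"   # scripted "human" for the demo
    t = threading.Thread(target=broker, args=(outside, approve, handlers))
    t.start()
    with inside, inside.makefile("r") as rd, inside.makefile("w") as wr:
        replies = [ask(rd, wr, "git_push", "feature-x"),
                   ask(rd, wr, "git_push", "main"),
                   ask(rd, wr, "run_shell", "anything")]
    t.join()
    return replies

if __name__ == "__main__":
    for r in demo():
        print(r)
```

The security boundary is the handler table: the broker should expose a few narrow, argument-validated actions rather than a general "run this command" request, otherwise approval fatigue turns the socket into the escape hatch.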