Comment by Nition
16 hours ago
I'm currently stuck on Windows, but I thought sandboxing was built in to Claude Code as a feature on Linux with the /sandbox command?
16 hours ago
I'm currently stuck on Windows, but I thought sandboxing was built in to Claude Code as a feature on Linux with the /sandbox command?
/sandbox AFAIK uses https://github.com/anthropic-experimental/sandbox-runtime under the hood.
It's still experimental and if you dive into the issues I would call its protection light. Many users experiences erratic issues with perms not being enforced, etc.
For me the largest limitation was that it's read-mode is deny-only, meaning that with an empty deny-list it can read all files on your laptop.
Restricting to specific domains have worked fine for me, but it can't block on specific ports, so you can't say for instance you may access these dev-server ports, but not dev-server ports belonging to another sandbox.
It feels as though the primary usecase is running inside an already network and filesystem sandboxed container.
For Windows a quick win is to install VMware Workstation Pro (which is free) and install Ubuntu 24.04 LTS as a VM.
Broadcom bought VMware then released Workstation Pro for free and I don't think they kept the download link but you can get from TechPowerUp:
https://www.techpowerup.com/download/vmware-workstation-pro/
You can then let LLMs on YOLO mode inside it.
What is the advantage of using VMware Workstation Pro for this as opposed to using WSL2?
I think it has default access to your c drive via a mount, for one. You could add layers/sandboxes, but it’s not isolated.
3 replies →
Stronger isolation and choice of OS
Windows has the WSL for native Linux vms, these days (and also the past ~decade)
I can rm -rf Windows files from WSL2. And so can LLMs.
Meanwhile a VM isolates by default.
2 replies →