Comment by aflag

6 hours ago

I don't know if I want to create an ad-hoc list of permissions. What I would like would be something like take a snapshot of my current workspace in a VM. Run claude there and let it go wild. After the end of the session, kill the box. The only downside is potentially syncing the claude sessions/projects. But I don't think that'd be too difficult.

9 comments

aflag

secure 6 hours ago

I recently blogged about how I do this using MicroVMs on NixOS: https://michael.stapelberg.ch/posts/2026-02-01-coding-agent-...

senko 6 hours ago

> take a snapshot of my current workspace in a VM. Run claude there

Sounds like docker + overlayfs might fit the bill, as long as there's a base image that is close enough to what you need.

I don't think there should be One True Way how to run these, everyone can set it up in a way that best fits their workflow.

ushakov 6 hours ago
both Docker and bubblewrap are not secure sandboxes. the only way to have actually isolated sandboxes is by using VMs
disclaimer: i work on secure sandboxes at E2B
- gf000 4 hours ago
  
  What about cgroups? I know they are not exactly analogous, but to me that seems like a pretty decent solution.
- senko 6 hours ago
  
  No disagreement from me. From the article:
  > Bubblewrap and Docker are not hardened security isolation mechanisms, but that's okay with me.
  Edit to add: my understanding is the major flaw in this approach is potential bugs in Linux kernel that would allow sandbox escape. Would appreciate your insight if there are some easier/more probable attack vectors.
- its-summertime 5 hours ago
  
  Do you have more information on how to set up such VMs?
  
  2 replies →

fsflover 3 hours ago

> What I would like would be something like take a snapshot of my current workspace in a VM.

Sounds like you may be interested in Qubes OS, which runs everything in VMs.