Comment by compass_copium
15 hours ago
I do not use Claude and will use agents only when I am forced to, so I'm genuinely asking here:
Can Claude or other models not be run as a user or program with limited permissions? Do people just not bother to set it up? Why on earth would anyone run an RNG that can access $HOME/.ssh?
There's absolutely nothing special about any of these agents. They're regular processes that execute some subshells. They're trivially jailable.
They absolutely can. I used to run Claude Code inside a firejail. Then I got paranoid to the point I developed my own virtual machine orchestration system just so I could run fully virtualized and isolated per-project Claude Code instances.
Do you have more information on this?
More information on what exactly? The firejail, or my VM orchestration project?
The latter is here:
https://github.com/matheusmoreira/virtdev
I've been using it every day. Just implemented easy backup and restore.
There are many useful tools for easily sandboxing agents. Visual Studio Code has devcontainers, which are trivially used.
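As an added example that is not any commenter's code: a small POSIX shell helper that builds the kind of firejail invocation described above (real home kept, credential paths blacklisted, no root, capabilities dropped) and a probe to run inside the jail to confirm $HOME/.ssh and friends really are unreachable. It assumes firejail is installed for the wrapper; the list of sensitive paths is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread or from any project named in it.
# Two helpers:
#  - probe_sensitive: run it *inside* the jail to verify the agent process
#    cannot read credential directories.
#  - jailed_agent_cmd: prints a firejail command line that keeps the real home
#    (so the agent's own config still works) but denies the paths below.

# Constructed list of paths an unattended agent has no business reading.
SENSITIVE_PATHS='.ssh .gnupg .aws .config/gh .netrc'

# probe_sensitive HOME_DIR
# Prints "<path> absent|readable|blocked" per entry and returns 1 if any
# entry is readable. Uses the -r test (access(2)); a firejail --blacklist
# mount answers that with "Permission denied" for an unprivileged user.
probe_sensitive() {
    home="$1"
    leaked=0
    for rel in $SENSITIVE_PATHS; do
        p="$home/$rel"
        if [ ! -e "$p" ]; then
            echo "$rel absent"
        elif [ -r "$p" ]; then
            echo "$rel readable"
            leaked=1
        else
            echo "$rel blocked"
        fi
    done
    return $leaked
}

# jailed_agent_cmd CMD [ARGS...]
# Prints (does not run) the firejail invocation: no root user inside the jail,
# all capabilities dropped, default seccomp filter, and every SENSITIVE_PATHS
# entry blacklisted. Run it from the project directory you want the agent in,
# e.g. eval "$(jailed_agent_cmd claude)" (placeholder command name).
jailed_agent_cmd() {
    cmd="firejail --noroot --caps.drop=all --seccomp"
    for rel in $SENSITIVE_PATHS; do
        cmd="$cmd --blacklist=$HOME/$rel"
    done
    echo "$cmd $*"
}
```

Running `probe_sensitive "$HOME"` first outside and then inside the jail gives a before/after comparison; any line still reporting "readable" inside means the policy has a hole.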