sleeyax/claude-sandbox

## claude-sandbox
#!/usr/bin/env bash

# claude-sandbox - Run Claude in a sandboxed firejail environment
# This script runs Claude in firejail with filesystem isolation
# while maintaining access to current directory and Claude configuration
#
# Usage: claude-sandbox [--docker] [claude args...]

set -euo pipefail

# Parse our flags, pass the rest to claude
DOCKER=false
CLAUDE_ARGS=()
for arg in "$@"; do
    case "$arg" in
        --docker) DOCKER=true ;;
        *) CLAUDE_ARGS+=("$arg") ;;
    esac
done

CURRENT_DIR="$(pwd)"
CLAUDE_PATH="$(readlink -f "$(which claude)")" || { echo "claude not found in PATH"; exit 1; }
FIREJAIL_ARGS=(
    # Use noprofile to avoid default restrictions that might block large directories
    --noprofile

    # Security restrictions
    --private-tmp             # Private /tmp directory
    --caps.drop=all           # Drop all capabilities
    --nonewprivs              # Prevent privilege escalation

    # Filesystem access - whitelist specific paths only
    --whitelist="$CURRENT_DIR"        # Allow access to current directory
    --read-write="$CURRENT_DIR"       # Make current directory writable

    --quiet                            # Suppress harmless overlay2 remount warnings
)

# Docker support (opt-in — socket access bypasses sandbox isolation)
if [ "$DOCKER" = true ]; then
    echo "WARNING: Docker support enabled — socket access bypasses sandbox isolation"
    FIREJAIL_ARGS+=(--whitelist=/run/docker.sock)
    FIREJAIL_ARGS+=(--read-write=/run/docker.sock)
else
    FIREJAIL_ARGS+=(--noroot)     # Disable root (remaps group IDs, blocks docker socket)
    FIREJAIL_ARGS+=(--nogroups)   # Drop supplementary groups
fi

# Add Claude configuration access if files/directories exist
if [ -d "$HOME/.claude" ]; then
    FIREJAIL_ARGS+=(--whitelist="$HOME/.claude")
    FIREJAIL_ARGS+=(--read-write="$HOME/.claude")
fi

if [ -f "$HOME/.claude.json" ]; then
    FIREJAIL_ARGS+=(--whitelist="$HOME/.claude.json")
    FIREJAIL_ARGS+=(--read-write="$HOME/.claude.json")
fi

# Run Claude in firejail sandbox
echo "Starting claude in firejail sandbox..."
exec firejail "${FIREJAIL_ARGS[@]}" "$CLAUDE_PATH" "--dangerously-skip-permissions" "${CLAUDE_ARGS[@]}"
	#!/usr/bin/env bash

	# claude-sandbox - Run Claude in a sandboxed firejail environment
	# This script runs Claude in firejail with filesystem isolation
	# while maintaining access to current directory and Claude configuration
	#
	# Usage: claude-sandbox [--docker] [claude args...]

	set -euo pipefail

	# Parse our flags, pass the rest to claude
	DOCKER=false
	CLAUDE_ARGS=()
	for arg in "$@"; do
	case "$arg" in
	--docker) DOCKER=true ;;
	*) CLAUDE_ARGS+=("$arg") ;;
	esac
	done

	CURRENT_DIR="$(pwd)"
	CLAUDE_PATH="$(readlink -f "$(which claude)")" \|\| { echo "claude not found in PATH"; exit 1; }
	FIREJAIL_ARGS=(
	# Use noprofile to avoid default restrictions that might block large directories
	--noprofile

	# Security restrictions
	--private-tmp # Private /tmp directory
	--caps.drop=all # Drop all capabilities
	--nonewprivs # Prevent privilege escalation

	# Filesystem access - whitelist specific paths only
	--whitelist="$CURRENT_DIR" # Allow access to current directory
	--read-write="$CURRENT_DIR" # Make current directory writable

	--quiet # Suppress harmless overlay2 remount warnings
	)

	# Docker support (opt-in — socket access bypasses sandbox isolation)
	if [ "$DOCKER" = true ]; then
	echo "WARNING: Docker support enabled — socket access bypasses sandbox isolation"
	FIREJAIL_ARGS+=(--whitelist=/run/docker.sock)
	FIREJAIL_ARGS+=(--read-write=/run/docker.sock)
	else
	FIREJAIL_ARGS+=(--noroot) # Disable root (remaps group IDs, blocks docker socket)
	FIREJAIL_ARGS+=(--nogroups) # Drop supplementary groups
	fi

	# Add Claude configuration access if files/directories exist
	if [ -d "$HOME/.claude" ]; then
	FIREJAIL_ARGS+=(--whitelist="$HOME/.claude")
	FIREJAIL_ARGS+=(--read-write="$HOME/.claude")
	fi

	if [ -f "$HOME/.claude.json" ]; then
	FIREJAIL_ARGS+=(--whitelist="$HOME/.claude.json")
	FIREJAIL_ARGS+=(--read-write="$HOME/.claude.json")
	fi

	# Run Claude in firejail sandbox
	echo "Starting claude in firejail sandbox..."
	exec firejail "${FIREJAIL_ARGS[@]}" "$CLAUDE_PATH" "--dangerously-skip-permissions" "${CLAUDE_ARGS[@]}"
No results found