Created
December 30, 2025 03:10
AI sandbox for Claude and Codex
```bash
# To avoid running Claude or Codex in a way that could be considered "dangerous"
#
# On the host: install Ubuntu Noble into a local dir
sudo apt install -y debootstrap systemd-container
sudo debootstrap --variant=minbase noble ~/ai-sandbox-rootfs http://archive.ubuntu.com/ubuntu

# On the host: enter your sandbox and bind-mount your code dir
# ($HOME/code is bind-mounted read-write at /code; no --private-network is
# given, so the sandbox shares the host's network)
sudo systemd-nspawn \
  -D ~/ai-sandbox-rootfs \
  --bind="$HOME/code:/code" \
  --tmpfs=/tmp:mode=1777 \
  --resolv-conf=bind-host \
  /bin/bash

# Inside the sandbox (as root): install a few things
# (ping is packaged as iputils-ping and host as bind9-host)
apt update
apt install curl git tzdata coreutils iputils-ping bind9-host

# Add an unprivileged user
useradd -m -s /bin/bash youruser

# Set sane permissions on /tmp
chmod 1777 /tmp

# Change to user and access your code
su - youruser
cd /code

# Install Claude and Codex and Whatever
# ...
```