
@habedi
Last active April 8, 2026 14:47
A script to run Claude Code in a jail environment using Bubblewrap on Linux
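#!/bin/bash
# Run Claude Code inside a Bubblewrap (bwrap) sandbox on Linux.
#
# Prompts for a repository path, bind-mounts it read-write at /workspace and
# starts `claude --dangerously-skip-permissions` there. Extra arguments given
# to this script are passed through to claude.
#
# Installing Bubblewrap on Debian or Ubuntu
#   sudo apt install bubblewrap
#   sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
# The sysctl above is host-wide: it lifts the AppArmor restriction on
# unprivileged user namespaces for every process, not only bwrap, and
# `sysctl -w` does not survive a reboot. An AppArmor profile that grants
# user-namespace creation to bwrap alone is the narrower alternative.
#
# What this sandbox does NOT isolate (review before relying on it):
#   - Network: there is no --unshare-net, so the host network namespace
#     (including services on localhost) is reachable from inside.
#   - Environment: there is no --clearenv, so every exported host variable,
#     including any tokens or keys, is visible inside.
#   - Writable paths: the repo and ~/.claude are mounted read-write. Anything
#     written into the repo (hooks, build scripts) runs unsandboxed if it is
#     later executed on the host. ~/.local is readable in full.
#   - Terminal: bwrap(1) recommends --new-session (or a seccomp filter) to
#     block input injection into the controlling terminal via TIOCSTI. It is
#     not set here because it may change how the interactive UI behaves.

if ! command -v bwrap >/dev/null 2>&1; then
  echo "error: bwrap not found (install the bubblewrap package)" >&2
  exit 1
fi

CLAUDE=$(command -v claude 2>/dev/null || echo "$HOME/.local/bin/claude")
NODE=$(command -v node 2>/dev/null)
if [[ ! -f "$CLAUDE" ]]; then
  echo "error: claude not found" >&2
  exit 1
fi

# Ask for repo dir. -r keeps backslashes in the typed path literal.
read -r -e -p "Repo path: " REPO
REPO=$(realpath -- "${REPO/#\~/$HOME}")
if [[ ! -d "$REPO" ]]; then
  echo "error: '$REPO' is not a directory" >&2
  exit 1
fi

# bwrap refuses to start when a bind source is missing; make sure the
# writable state directory exists on a first run.
mkdir -p -- "$HOME/.claude"

# Search path inside the sandbox. The directories holding the claude and node
# binaries found above are appended, so an install outside the defaults
# (e.g. under nvm) can still be resolved by name. Appending keeps the original
# lookup order for everything that already resolved.
SANDBOX_PATH="$HOME/.local/bin:/usr/local/bin:/usr/bin:/bin"
for bin in "$CLAUDE" "$NODE"; do
  [[ -n "$bin" ]] || continue
  bin_dir=${bin%/*}
  [[ -n "$bin_dir" ]] || continue
  case ":$SANDBOX_PATH:" in
    *":$bin_dir:"*) ;;
    *) SANDBOX_PATH+=":$bin_dir" ;;
  esac
done

BWRAP_ARGS=(
  --bind "$REPO" /workspace
  --ro-bind /usr /usr
  --ro-bind /lib /lib
)
# /lib64 and ~/.local do not exist on every host; bind them only if present.
for optional in /lib64 "$HOME/.local"; do
  if [[ -e "$optional" ]]; then
    BWRAP_ARGS+=(--ro-bind "$optional" "$optional")
  fi
done
BWRAP_ARGS+=(
  --bind "$HOME/.claude" "$HOME/.claude"
  --ro-bind /etc/resolv.conf /etc/resolv.conf
  --ro-bind /etc/ssl /etc/ssl
  --ro-bind /etc/passwd /etc/passwd
  --ro-bind /etc/nsswitch.conf /etc/nsswitch.conf
  --proc /proc
  --dev /dev
  --unshare-pid
  # Do not leave sandboxed processes running once the launcher is gone.
  --die-with-parent
  --chdir /workspace
  --setenv HOME "$HOME"
  --setenv PATH "$SANDBOX_PATH"
)
# NOTE(review): /bin is on PATH but is never bound or symlinked, so anything
# that hard-codes /bin/sh or /bin/bash will not resolve inside the sandbox.
# Confirm whether that is intended.

# bind node if it lives outside /usr (e.g. nvm)
if [[ -n "$NODE" && "$NODE" != /usr/* ]]; then
  BWRAP_ARGS+=(--ro-bind "$NODE" "$NODE")
  # also bind the nvm root if that's where node came from
  if [[ "$NODE" == *"/.nvm/"* ]]; then
    # Literal prefix strip. A local name is used so an exported NVM_DIR is
    # not overwritten.
    nvm_root="${NODE%%/.nvm/*}/.nvm"
    BWRAP_ARGS+=(--ro-bind "$nvm_root" "$nvm_root")
  fi
fi
# NOTE(review): a claude installed outside /usr, ~/.local and the nvm root is
# not bound by anything above and will not be found inside the sandbox.

# --dangerously-skip-permissions turns off claude's own confirmation prompts,
# so the bwrap arguments above are the only boundary around what it runs.
exec bwrap "${BWRAP_ARGS[@]}" claude --dangerously-skip-permissions "$@"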