claude-sandbox

#!/usr/bin/env bash

# claude-sandbox - Run Claude in a sandboxed firejail environment
# This script runs Claude in firejail with filesystem isolation
# while maintaining access to current directory and Claude configuration

set -euo pipefail

CURRENT_DIR="$(pwd)"
CLAUDE_PATH="$(readlink -f $(which claude))"
FIREJAIL_ARGS=(
    # Use noprofile to avoid default restrictions that might block large directories
    --noprofile
    
    # Security restrictions
    --private-tmp             # Private /tmp directory
    --noroot                  # Disable su/sudo inside sandbox
    --caps.drop=all           # Drop all capabilities
    --nonewprivs              # Prevent privilege escalation
    --nogroups                # Don't inherit supplementary groups
    
    # Filesystem access - whitelist specific paths only
    --whitelist="$CURRENT_DIR"        # Allow access to current directory
    --read-write="$CURRENT_DIR"       # Make current directory writable
    --whitelist=~/.local              # For claude exec tracking
    --read-write=~/.local
)

# Add Claude configuration access if files/directories exist
if [ -d "$HOME/.claude" ]; then
    FIREJAIL_ARGS+=(--whitelist="$HOME/.claude")
    FIREJAIL_ARGS+=(--read-write="$HOME/.claude")
fi

if [ -f "$HOME/.claude.json" ]; then
    FIREJAIL_ARGS+=(--whitelist="$HOME/.claude.json")
    FIREJAIL_ARGS+=(--read-write="$HOME/.claude.json")
fi

# Add project-level .claude directory if it exists
if [ -d "./.claude" ]; then
    FIREJAIL_ARGS+=(--whitelist="$CURRENT_DIR/.claude")
    FIREJAIL_ARGS+=(--read-write="$CURRENT_DIR/.claude")
fi

# Run Claude in firejail sandbox
echo "Starting claude in firejail sandbox..."
exec firejail "${FIREJAIL_ARGS[@]}" bash "$CLAUDE_PATH" "--dangerously-skip-permissions" "$@"