by e1g 125 days ago
Claude Code sandboxing uses the same basic OS primitive but grants read access to the entire filesystem and includes escape hatches (some commands bypass sandboxing). Also, I wanted something solid I can use to limit every agent (OpenCode, Pi, Auggie, etc.).
1 comment

On Linux, in a pinch, you can use bubblewrap to hide and replace directories for a given process.
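
The bubblewrap approach mentioned in the reply above, as an added example that is not part of the original thread: a read-only view of the filesystem with chosen directories hidden behind an empty tmpfs and one directory replaced by a stand-in. The function names and the choice of `~/.ssh`, `~/.aws` and `~/.config` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and paths are assumptions.

# Print bwrap arguments, one per line.
#   $1   project directory the process may write to
#   $2   stand-in directory that replaces $HOME/.config
#   $3.. directories to hide behind an empty tmpfs
sandbox_args() {
    project=$1; fake_config=$2; shift 2
    # Whole filesystem read-only; private /dev, /proc and /tmp.
    printf '%s\n' --ro-bind / / --dev /dev --proc /proc --tmpfs /tmp
    for d in "$@"; do
        # bwrap cannot create a missing mount point on a read-only root,
        # so a directory that does not exist is skipped (nothing to hide).
        [ -d "$d" ] || continue
        printf '%s\n' --tmpfs "$d"          # hide: empty tmpfs on top
    done
    if [ -d "$HOME/.config" ]; then
        # replace: the process sees the stand-in instead of the real directory
        printf '%s\n' --ro-bind "$fake_config" "$HOME/.config"
    fi
    # Mounted last, so the project stays writable even under a hidden parent.
    printf '%s\n' --bind "$project" "$project" --chdir "$project"
    printf '%s\n' --unshare-pid --die-with-parent --new-session
}

# Run a command inside the sandbox:
#   run_sandboxed PROJECT FAKE_CONFIG COMMAND [ARGS...]
# Paths containing newlines are not supported by the line-based hand-off.
run_sandboxed() {
    project=$1; fake_config=$2; shift 2
    args=$(sandbox_args "$project" "$fake_config" \
        "$HOME/.ssh" "$HOME/.aws") || return 1
    # Subshell keeps the IFS and noglob changes local.
    ( IFS='
'; set -f; set -- $args "$@"; exec bwrap "$@" )
}
```

The network is left shared here; adding `--unshare-net` to the last `printf` cuts it off for processes that do not need it.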