[anygivnthursday]

This. I am running Claude in its own QEMU VM, it has git access to my project only if I explicitly unlock the ssh key for it. The other day I realized it trying to push a change, it didn't have permission, so it went looking for "workarounds" and found I had a github cli session and tried to use that, luckily the creds for that was also read scoped. But the point is, if I did not give permission and it sees I did not give permission, it should not try to find a workaround/exploit autonomously.

[fransje26]

> I am running Claude in its own QEMU VM

How much system resources does it need to work smoothly? I was also thinking about doing something similar.

[anygivnthursday]

I dont think Claude itself needs much, its more like what you do with it. In my case it is doing some gradle builds and java tests with some postgres docker containers inside the vm so I gave it max 8G RAM with 4 cores and have no issues. I share my workspace folder (with virtiofs and also the user home so I can rebuild the vm from scratch and keep settings) because I like my tools on the host and my full creds are outside and I didnt want to keep syncing branches. I access it with ssh (with passt). So far no real issues.

[anygivnthursday]

Late edit, I wanted to clarify I do not share my user home, but the VM user home for backups, thats separate user that does not have my own users credentials etc

[fransje26]

Thanks!