runekaagaard 7 hours ago

It's impossible to not get decision-fatigue and just mash enter anyway after a couple of months with Claude not messing anything important up, so a sandboxed approach in YOLO mode feels much safer.

It takes away the stress about needing to monitor all the agents all the time too, which is great and creates incentives to learn how to build longer tasks for CC with more feedback loops.

I'm on Ubuntu 22.04 and it was surprisingly pleasant to create a layered sandbox approach with bubblewrap and Landlock LSM: Landlock for filesystem restrictions (deny-first, only whitelisted paths accessible) and TCP port control (API, git, local dev servers), bubblewrap for mount namespace isolation (/tmp per-project, hiding secrets), and dnsmasq for DNS whitelisting (only essential domains resolve - everything else gets NXDOMAIN).
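
The bubblewrap layer described in the comment above (per-project /tmp, hidden secrets), sketched as an added example that is not part of the original thread and not the commenter's own setup. The function name `run_sandboxed`, the `BWRAP` dry-run override and all paths are assumptions; the Landlock and dnsmasq layers are not shown.

```shell
#!/bin/sh
# Added illustration: layout assumes a merged-/usr distro such as Ubuntu 22.04.
# Covers the mount-namespace layer only; the network namespace stays shared
# because the comment restricts TCP and DNS with Landlock and dnsmasq instead.

# run_sandboxed PROJECT_DIR HOME_DIR TMP_BACKING_DIR COMMAND [ARGS...]
# Set BWRAP=echo to print the bwrap invocation instead of running it (dry run).
run_sandboxed() {
  project=$1 home=$2 tmp_backing=$3
  shift 3
  mkdir -p "$tmp_backing"   # host directory that backs this project's /tmp

  # Order matters: bwrap applies mounts left to right, so the tmpfs that
  # hides the home directory (dotfiles, SSH keys, cloud credentials) must come
  # before the bind that re-exposes the project directory inside it.
  # /run is not mounted: if /etc/resolv.conf is a symlink into /run, bind a
  # resolv.conf pointing at the filtering resolver explicitly.
  "${BWRAP:-bwrap}" \
    --die-with-parent --new-session \
    --unshare-pid --unshare-ipc --unshare-uts \
    --ro-bind /usr /usr \
    --ro-bind /etc /etc \
    --symlink usr/bin /bin \
    --symlink usr/sbin /sbin \
    --symlink usr/lib /lib \
    --symlink usr/lib64 /lib64 \
    --proc /proc \
    --dev /dev \
    --bind "$tmp_backing" /tmp \
    --tmpfs "$home" \
    --bind "$project" "$project" \
    --chdir "$project" \
    -- "$@"
}
```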

tptacek 7 hours ago | parent | next [-]

I've been working for the past several weeks in an environment where it's easy and safe to give different claudes yolo-mode, but yesterday I needed to build an Emacs TRAMP plugin, and I had to do that on my local development NUC. I am extremely spoiled for yolo-mode, because even just yes-ok'ing all the elisp fragments claude came up with was exasperating, the whole experience was draining, and that was me not being especially careful (just making sure it didn't run random bash commands to, like, install a different Emacs or something).

runekaagaard 7 hours ago | parent [-]

Configuring Claude Code ... the new init.el ;)

Nition 6 hours ago | parent | prev [-]

I'm currently stuck on Windows, but I thought sandboxing was built in to Claude Code as a feature on Linux with the /sandbox command?

hu3 6 hours ago | parent [-]

For Windows a quick win is to install VMware Workstation Pro (which is free) and install Ubuntu 24.04 LTS as a VM.

Broadcom bought VMware then released Workstation Pro for free and I don't think they kept the download link but you can get it from TechPowerUp:

https://www.techpowerup.com/download/vmware-workstation-pro/

You can then let LLMs on YOLO mode inside it.

dragonwriter 5 hours ago | parent | next [-]

What is the advantage of using VMware Workstation Pro for this as opposed to using WSL2?

TheTaytay 5 hours ago | parent | next [-]

I think it has default access to your c drive via a mount, for one. You could add layers/sandboxes, but it’s not isolated.

tracker1 4 hours ago | parent | next [-]

Funny, but I wrote some environment initialization and setup scripts that you just unzip to a new dev desktop, and run the first PowerShell script, and it will work through (have to reboot after a couple installs), but it goes through, then once WSL is up, it'll rely on the /mnt/c/ paths to run bash scripts to initialize the WSL environment too... was pretty handy.

bt1a 3 hours ago | parent | prev | next [-]

I wouldn't put it past Opus 4.5 in yolo mode to VM escape if it felt like it haha

dragonwriter 4 hours ago | parent | prev [-]

Yeah, I do most Linux stuff on Windows in containers using podman leveraging WSL2, but that's a good point.

UltraSane an hour ago | parent | prev [-]

Stronger isolation and choice of OS

Tossrock 5 hours ago | parent | prev [-]

Windows has the WSL for native Linux VMs, these days (and also the past ~decade)

hu3 4 hours ago | parent [-]

I can rm -rf Windows files from WSL2. And so can LLMs.

Meanwhile a VM isolates by default.

jassmith87 3 hours ago | parent [-]

You can turn off all the interop and mounting of the Windows FS with ease. I run claude in yolo mode using this exact setup. Just roll out a new WSL env for each claude I want yoloing and away it goes. I suppose we could try to theorize how this is still dangerous but it's getting into extremely silly territory.

hu3 3 hours ago | parent [-]

That's great to know! And important to clarify because by default WSL has access to all disks.