| ▲ | gmerc 11 hours ago | |
It’s cute because Claude has discretion to disable its own sandbox and does it | ||
| ▲ | js2 10 hours ago | parent [-] | |
> You can disable this escape hatch by setting "allowUnsandboxedCommands": false in your sandbox settings. When disabled, the dangerouslyDisableSandbox parameter is completely ignored and all commands must run sandboxed or be explicitly listed in excludedCommands. https://code.claude.com/docs/en/sandboxing (I have no idea why that isn't the default because otherwise the sandbox is nearly pointless and gives a false sense of security. In any case, I prefer to start Claude in a sandbox already than trust its implementation.) | ||