| PolarSPARC |
Sandboxing Claude Code
| Bhaskar S | 06/28/2026 |
Overview
Claude Code (aka Claude) is a natural language, conversational, agentic CLI tool that integrates with a user's terminal (command line interface) to help with anything one can do from the command line, such as writing docs, running commands, searching files, researching topics, and much more.
One can restrict what Claude Code is allowed to do via the sandbox configuration in the settings.json. However, can one trust it ???
Probably *NOT* given a zero-trust policy stance !!!
In the primer on Bubblewrap, we covered how one can use it to create a controlled sandbox environment.
In this very short article, we demonstrate how one can sandbox Claude Code using Bubblewrap to restrict what it can do.
Installation and Setup
All the commands will be executed on an Ubuntu 24.04 LTS based Linux desktop. Ensure that Bubblewrap is installed and set up (see INSTRUCTIONS).
To verify Bubblewrap is installed, execute the following command in the terminal window:
$ bwrap --version
At the time of this article, the following was the output:
bubblewrap 0.9.0
With this we are ready to create a restrictive environment for Claude !!!
Sandboxing Claude
One can sandbox Claude Code by executing the following command in the terminal window:
$ bwrap \
    --ro-bind /usr /usr \
    --ro-bind /bin /bin \
    --ro-bind /lib /lib \
    --ro-bind /lib64 /lib64 \
    --ro-bind /etc/resolv.conf /etc/resolv.conf \
    --ro-bind /etc/hosts /etc/hosts \
    --ro-bind /etc/ssl /etc/ssl \
    --ro-bind /etc/nsswitch.conf /etc/nsswitch.conf \
    --proc /proc \
    --dev /dev \
    --tmpfs /tmp \
    --bind $HOME/.local/share/sandbox /home/sandbox \
    --ro-bind $HOME/.local/share/claude /home/sandbox/.local/share/claude \
    --ro-bind $HOME/.claude /home/sandbox/.claude \
    --ro-bind $HOME/.local/share/claude/versions/2.1.150 /home/sandbox/.local/bin/claude \
    --chdir /home/sandbox \
    --unshare-all \
    --share-net \
    --hostname sandbox \
    --setenv HOME /home/sandbox \
    --uid 1000 \
    --gid 1000 \
    --setenv USER sandbox \
    --setenv PATH /home/sandbox/.local/bin:/usr/local/bin:/usr/bin:/bin \
    --die-with-parent \
    -- claude
At the Claude prompt, type the following request and press ENTER:
$ can you display the contents of /etc/passwd file
The following would be the output:
* Reading the /etc/passwd file.
  Read 1 file (ctrl+o to expand)
* The file /etc/passwd does not exist in this environment. This sandbox appears to be a restricted container where that system file is not available.
* Worked for 4s
BINGO - we have successfully created a sandbox environment for using Claude !!!
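The following launcher script is an added example for this article; it is not code from PolarSPARC or from the Bubblewrap project. It reproduces the bwrap command line above from a small mount table, checks that every host path exists before launching, and adds two helper functions, sandbox_visible and sandbox_writable, that answer from the table alone which paths Claude Code would see and which it could modify (which is exactly why the /etc/passwd request above fails: /etc only contains the four files that are bound into it). The names CLAUDE_VERSION, SANDBOX_HOME and SANDBOX_LAUNCH are hypothetical environment variables introduced here, not Claude Code or bwrap settings; the script assumes paths contain no whitespace, and it treats /proc and /dev as not being writable work areas.

```shell
#!/bin/sh
# Added example (not from the PolarSPARC article or the Bubblewrap project).
# Hypothetical knobs: CLAUDE_VERSION, SANDBOX_HOME, SANDBOX_LAUNCH.
# Assumes host paths contain no whitespace.

# MODE SRC DEST, one mount per line, in the order bwrap must apply them
# (the writable /home/sandbox comes before the read-only mounts below it).
bind_table() {
    claude_version="${CLAUDE_VERSION:-2.1.150}"
    sandbox_home="${SANDBOX_HOME:-$HOME/.local/share/sandbox}"
    cat <<EOF
ro /usr /usr
ro /bin /bin
ro /lib /lib
ro /lib64 /lib64
ro /etc/resolv.conf /etc/resolv.conf
ro /etc/hosts /etc/hosts
ro /etc/ssl /etc/ssl
ro /etc/nsswitch.conf /etc/nsswitch.conf
rw $sandbox_home /home/sandbox
ro $HOME/.local/share/claude /home/sandbox/.local/share/claude
ro $HOME/.claude /home/sandbox/.claude
ro $HOME/.local/share/claude/versions/$claude_version /home/sandbox/.local/bin/claude
EOF
}

# Print every host source path that does not exist (empty output = all good).
missing_sources() {
    bind_table | while read -r mode src dest; do
        [ -e "$src" ] || echo "$src"
    done
}

# Refuse to launch if a source is missing: bwrap would fail, or a tool
# Claude depends on would silently be absent inside the sandbox.
preflight() {
    missing=$(missing_sources)
    [ -z "$missing" ] && return 0
    printf 'missing on host:\n%s\n' "$missing" >&2
    return 1
}

# Strip a trailing slash; keep "/" as is.
_norm() { p="${1%/}"; [ -n "$p" ] && printf '%s' "$p" || printf '/'; }

# True if PATH exists inside the sandbox: a pseudo filesystem, a bind
# destination (or something below it), or a directory bwrap creates only
# to hold a mount point (/etc holds /etc/hosts, so /etc exists but is
# otherwise empty and /etc/passwd is simply not there).
sandbox_visible() {
    p=$(_norm "$1")
    case "$p" in /|/proc|/proc/*|/dev|/dev/*|/tmp|/tmp/*) return 0 ;; esac
    while read -r mode src dest; do
        case "$p" in "$dest"|"$dest"/*) return 0 ;; esac
        case "$dest" in "$p"/*) return 0 ;; esac
    done <<EOF
$(bind_table)
EOF
    return 1
}

# True if PATH is writable inside the sandbox. The innermost (longest)
# mount covering the path decides: /home/sandbox is rw, but ~/.claude is
# mounted read-only below it, so Claude cannot rewrite its own settings.
# /tmp is a fresh tmpfs; /proc and /dev are treated as not work areas.
sandbox_writable() {
    p=$(_norm "$1")
    case "$p" in /tmp|/tmp/*) return 0 ;; /proc|/proc/*|/dev|/dev/*) return 1 ;; esac
    best=""; best_mode=""
    while read -r mode src dest; do
        case "$p" in "$dest"|"$dest"/*)
            if [ ${#dest} -gt ${#best} ]; then best=$dest; best_mode=$mode; fi ;;
        esac
    done <<EOF
$(bind_table)
EOF
    [ "$best_mode" = rw ]
}

# Launch: binds from the table, then the same namespace, identity and
# environment flags the article uses. The argument is the command to run
# inside (default: claude); e.g. 'ls -la /etc' is a quick probe of the view.
run_sandbox() {
    inner="${1:-claude}"
    preflight || return 1
    set --
    while read -r mode src dest; do
        if [ "$mode" = rw ]; then set -- "$@" --bind "$src" "$dest"
        else set -- "$@" --ro-bind "$src" "$dest"; fi
    done <<EOF
$(bind_table)
EOF
    exec bwrap "$@" \
        --proc /proc --dev /dev --tmpfs /tmp \
        --chdir /home/sandbox --unshare-all --share-net --hostname sandbox \
        --setenv HOME /home/sandbox --setenv USER sandbox \
        --setenv PATH /home/sandbox/.local/bin:/usr/local/bin:/usr/bin:/bin \
        --uid 1000 --gid 1000 --die-with-parent \
        -- sh -c "exec $inner"
}

# Run as a script: SANDBOX_LAUNCH=1 sh claude-sandbox.sh ['command']
if [ "${SANDBOX_LAUNCH:-0}" = 1 ]; then run_sandbox "$@"; fi
```

Before trusting the sandbox with a session, run it once with a probe such as `SANDBOX_LAUNCH=1 sh claude-sandbox.sh 'ls -la /etc /home/sandbox'` and compare what you see with what sandbox_visible and sandbox_writable predict; any difference means the mount table and the real command line have drifted apart.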
References