Claude Code — Dockerized

A minimal, guardrailed container for running Claude Code.

Setup

# 1. Build the image
docker compose build

# 2. Link the binary where it's accessible
mkdir -p ~/.local/bin && ln -s "$(readlink -f ./safeclaude)" ~/.local/bin/safeclaude

# 3. Run against your code
cd ~/zenmaid-webapp && safeclaude .

Security notes

  • Runs as a non-root user (coder, uid 1001)
  • All Linux capabilities are dropped except NET_BIND_SERVICE
  • Privilege escalation is disabled (no-new-privileges)
  • The container has no network restrictions beyond what Docker provides — add a custom network or --network none with --add-host if you want to lock that down further
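
One way to check the first three notes from inside the running container, as an added example that is not part of this repository: the script reads the kernel's /proc/<pid>/status fields and flags any capability other than NET_BIND_SERVICE (capability 10, mask 0x400). The function names and both sample status dumps are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit /proc/<pid>/status text against the security notes above.
# CAP_NET_BIND_SERVICE is capability number 10, so its mask is 0x400.
ALLOWED_CAPS=$((1 << 10))

# Constructed sample: a process hardened the way the notes describe.
HARDENED='Uid: 1001 1001 1001 1001
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 0000000000000400
CapAmb: 0000000000000000
NoNewPrivs: 1'

# Constructed sample: root with a broad capability set and no hardening.
UNHARDENED='Uid: 0 0 0 0
CapPrm: 00000000a80425fb
CapEff: 00000000a80425fb
CapBnd: 00000000a80425fb
CapAmb: 0000000000000000
NoNewPrivs: 0'

# status_field TEXT NAME -> second column of the "NAME:" line (real UID for Uid)
status_field() {
    printf '%s\n' "$1" | awk -v k="$2:" '$1 == k { print $2; exit }'
}

# extra_caps HEXMASK -> decimal value of the bits outside ALLOWED_CAPS
extra_caps() { echo $(( 0x$1 & ~$ALLOWED_CAPS )); }

# audit_status TEXT [UID] -> one FAIL line per failed check, returns 1 on any
audit_status() {
    text=$1 want_uid=${2:-1001} rc=0
    uid=$(status_field "$text" Uid)
    nnp=$(status_field "$text" NoNewPrivs)
    [ "$uid" = "$want_uid" ] || { echo "FAIL uid=$uid (want $want_uid)"; rc=1; }
    [ "$nnp" = 1 ] || { echo "FAIL no-new-privileges is not set"; rc=1; }
    for capset in CapBnd CapPrm CapEff CapAmb; do
        mask=$(status_field "$text" "$capset")
        if [ -z "$mask" ]; then
            echo "FAIL $capset missing"; rc=1
        elif [ "$(extra_caps "$mask")" -ne 0 ]; then
            echo "FAIL $capset=$mask exceeds NET_BIND_SERVICE"; rc=1
        fi
    done
    return $rc
}

audit_status "$HARDENED" && echo "hardened sample: all checks pass"
audit_status "$UNHARDENED" || echo "unhardened sample: rejected"
```

Inside the container, `audit_status "$(cat /proc/self/status)"` runs the same checks against the live process instead of the samples.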

Limitations & future updates

  • Changes to system package requirements require updating the Dockerfile and a restart/rebuild - the claude user can't make these changes itself because of its restricted access.

  • Bundles need to be updated separately inside the container

  • The setup is fairly tightly coupled to a Ruby/psql application and would need to be tweaked to make it configurable for other environments or platforms
