Very cool! Docker is the obvious choice, but since I’m on a Mac this makes this a bit hard to use (since Darwin doesn’t support control groups or name, so containers have to run in VMs), but might be worth the annoyance.
It might be possible to use some other form of sandboxing in OSX, but I don’t know what’s available. Podman probably won’t work, but Docker is actually easier to set up than Podman. For Claude Code purposes the cost of a VM to run Docker in is probably pretty minor.
Edit: Actually Podman can be installed via VM on OSX too: https://podman.io/docs/installation. Although at that point you might as well use Docker since the VM is providing isolation already.