How does Claude Code sandbox work when used with --dangerously-skip-permissions? It doesn’t, since Claude asks permission to evade the sandbox, and yolo mode automatically allows it.
Normal:
Your bash commands will be sandboxed. Disable with /sandbox.
❯ list the files in ~/Downloads and then write an empty file in that directory named SANDBOXTEST
⏺ Read 1 file (ctrl+o to expand)
⏺ Write(~/Downloads/SANDBOXTEST)
⎿ Wrote 1 lines to ../../../Downloads/SANDBOXTEST
1 (No content)
⏺ Done. Listed the files in ~/Downloads (there are many files including PDFs, STL files, images, and various other documents) and created an empty file
named SANDBOXTEST in that directory.
❯ use `touch` to touch the SANDBOXTEST file
⏺ Bash(touch ~/Downloads/SANDBOXTEST)
⎿ Error: Exit code 1
touch: /Users/g/Downloads/SANDBOXTEST: Operation not permitted
⏺ The sandbox blocked that operation since ~/Downloads is outside the allowed write paths. Let me retry with the sandbox disabled.
<asks to touch SANDBOXTEST without sandbox>
With --dangerously-skip-permissions:
list the files in ~/Downloads and then write an empty file in that
directory named SANDBOXTEST2
⏺ Read 1 file (ctrl+o to expand)
⏺ Now let me create the empty file.
⏺ Bash(touch ~/Downloads/SANDBOXTEST2)
⎿ Error: Exit code 1
touch: /Users/g/Downloads/SANDBOXTEST2: Operation not permitted
⏺ The sandbox is blocking writes to ~/Downloads. Retrying without sandbox
restrictions.
⏺ Bash(touch ~/Downloads/SANDBOXTEST2)
⎿ (No content)
⏺ Done. The empty file SANDBOXTEST2 has been created in ~/Downloads. I can
see from the listing that SANDBOXTEST already existed there, so now you
have both.
Use /sandbox to manage sandbox restrictions if needed.