Configure the sandboxed Bash tool
Learn how Claude Code's sandboxed Bash tool provides filesystem and network isolation for safer, more autonomous agent execution.
With the Bash sandbox, Claude can run most shell commands. Instead of asking permission to run each command, you define which files and network domains commands may access, and the operating system enforces that boundary on every Bash command and its child processes.
This page explains how to:
- Enable the sandbox and choose how sandboxed commands are approved
- Configure sandboxing to define the paths and network domains that commands can access
- Combine sandboxing with permission rules and permission modes
- Enforce sandboxing across an organization (using managed settings)
To compare other isolation approaches such as dev containers, custom containers, and virtual machines, see Sandbox environments. To reduce permission prompts for tools other than Bash, see permission modes.
Get started
The sandbox is built into Claude Code and runs on macOS, Linux, and WSL2. Native Windows is not supported; on Windows, run Claude Code inside a WSL2 distribution.
On macOS there is nothing to install: sandboxing uses the built-in Seatbelt framework. On Linux and WSL2, the sandbox depends on two packages, described under Set up Linux and WSL2. You can start with /sandbox even if you have not installed them yet; the panel shows what is missing.
Run /sandbox
Start a Claude Code session and run the /sandbox command:
/sandbox
This opens the sandbox panel with three tabs:
- Mode: choose how sandboxed commands are approved. This is covered in the next step
- Overrides: choose whether commands that fail inside the sandbox may fall back to running unsandboxed. This is the allowUnsandboxedCommands setting
- Config: shows the resolved sandbox configuration
If the panel shows only a Dependencies tab, required packages are missing. Install them as described under Set up Linux and WSL2, restart Claude Code, and run /sandbox again.
Choose a mode
On the Mode tab, choose auto-allow or regular permissions. Auto-allow runs sandboxed commands without prompting; regular permissions keeps the normal permission prompts even when a command is sandboxed. For the commands that still prompt in auto-allow mode, see Sandbox modes.
Run a Bash command
Ask Claude to run a command, such as a build or a test suite. By default, commands inside the sandbox can write only to the working directory. If a command needs to reach a new network domain, Claude Code asks for approval.
Commands that cannot run sandboxed fall back to the normal permission flow. To widen or narrow these boundaries, see Configure sandboxing.
Choosing a mode in the panel writes to the project's local settings, .claude/settings.local.json. This applies to the current project and is not checked into git. To enable the sandbox for every project, set sandbox.enabled to true in the user settings, ~/.claude/settings.json. To enforce sandboxing for every developer in an organization, use managed settings.
By default, if the sandbox cannot start because a dependency is missing or the platform is unsupported, Claude Code shows a warning and runs commands without sandboxing. To make this a hard failure instead, set sandbox.failIfUnavailable to true. This is intended for managed deployments that require sandboxing as a security gate.
Set up Linux and WSL2
On Linux and WSL2, the sandbox depends on two packages:
- bubblewrap: an unprivileged sandboxing tool that enforces filesystem isolation
- socat: a relay the sandbox uses to route network traffic through the proxy
Install them with your distribution's package manager:
```bash
sudo apt-get install bubblewrap socat
```
```bash
sudo dnf install bubblewrap socat
```
After installation, the Dependencies tab in /sandbox shows whether ripgrep, bubblewrap, socat, and the seccomp filter are available on your platform. Ripgrep is bundled with the native Claude Code binary. The seccomp filter is optional and adds blocking of Unix domain sockets; if it is missing, install it with npm install -g @anthropic-ai/sandbox-runtime.
When a required dependency is missing, the Dependencies tab is shown as the only tab until it is installed. The dependency check runs at startup, so restart Claude Code after installing the packages so that /sandbox can detect them.
To check whether your environment, including inside WSL2, enforces the AppArmor restriction on unprivileged user namespaces, run `sysctl kernel.apparmor_restrict_unprivileged_userns`. If the key does not exist or returns 0, skip this step. If it returns 1, add an AppArmor profile that grants `bwrap` this capability:
```bash
sudo tee /etc/apparmor.d/bwrap > /dev/null <<'EOF'
abi <abi/4.0>,
include <tunables/global>
profile bwrap /usr/bin/bwrap flags=(unconfined) {
  userns,
  include if exists <local/bwrap>
}
EOF
```
The profile applies only to `bwrap` itself, not to the commands that run inside the sandbox. Reload AppArmor to apply it:
```bash
sudo systemctl reload apparmor
```
Notes on WSL2
Check your WSL version with wsl -l -v from PowerShell. If you see Sandboxing requires WSL2, the distribution is running under WSL1: upgrade to WSL2 or run Claude Code without sandboxing.
On WSL2, sandboxed commands cannot launch Windows binaries such as cmd.exe, powershell.exe, or anything under /mnt/c/. WSL forwards these to the Windows host over a Unix socket, which the sandbox blocks. If a command needs to call a Windows binary, add it to excludedCommands so that it runs outside the sandbox.
Sandbox modes
Claude Code offers two sandbox modes.
Auto-allow mode: Bash commands are attempted inside the sandbox and allowed automatically, without a permission prompt. Commands that cannot be sandboxed (for example, commands that need network access to a host you have not allowed) fall back to the normal permission flow, where Claude Code checks the permission rules and prompts for any command those rules do not already allow.
Even in auto-allow mode, the following apply:
- Explicit deny rules are always honored
- rm or rmdir commands that target /, the home directory, or another critical system path still trigger a permission prompt
- Content-scoped ask rules (such as Bash(git push *)) force a prompt even for sandboxed commands
- A bare Bash ask rule, or its equivalent Bash(*) form, is skipped for commands that run sandboxed; it still applies to commands that fall back to the normal permission flow
Regular permissions mode: every Bash command goes through the normal permission flow, even when it is sandboxed. This gives you more control but requires more approvals.
In both modes the sandbox enforces the same filesystem and network restrictions. The only difference is whether sandboxed commands are approved automatically or require explicit permission.
The session temporary directory is writable inside the sandbox by default, alongside the working directory. Claude Code sets $TMPDIR to that directory for sandboxed commands, so tools that write temporary files work without extra configuration. Unsandboxed commands inherit the shell's $TMPDIR unchanged, which means sandboxed and unsandboxed commands resolve $TMPDIR to different directories. To pass temporary files between the two, write under the working directory instead.
Some commands cannot run inside the sandbox at all, such as tools that are incompatible with it or tools that need a host you have not allowed. Rather than letting the task fail or asking you to turn sandboxing off, Claude Code includes a deliberate escape hatch: when a command fails because of a sandbox restriction, Claude analyzes the failure and may retry the command with the dangerouslyDisableSandbox parameter. Because the retried command runs outside the sandbox, it goes through the normal permission flow and requires approval.
You can disable this escape hatch by setting "allowUnsandboxedCommands": false in the sandbox settings. When it is disabled, the /sandbox Overrides tab shows Strict sandbox mode: the dangerouslyDisableSandbox parameter is ignored entirely, and every command must either be sandboxed or be listed explicitly in excludedCommands.
Auto-allow mode operates independently of the permission mode setting. Even when you are not in accept-edits mode, sandboxed Bash commands run automatically when auto-allow is enabled. This means that a Bash command that modifies files within the sandbox boundary runs without prompting, even though the file-editing tools would normally require approval.
Configure sandboxing
Customize sandbox behavior through your settings.json file. See Settings for the complete configuration reference.
By default, sandboxed commands can write only to the current working directory and the session temporary directory. If a subprocess command such as kubectl, terraform, or npm needs to write outside those directories, use sandbox.filesystem.allowWrite to grant access to specific paths:
```json
{
  "sandbox": {
    "enabled": true,
    "filesystem": {
      "allowWrite": ["~/.kube", "/tmp/build"]
    }
  }
}
```
Because these paths are enforced at the OS level, every command that runs inside the sandbox, including its child processes, honors them. This is the recommended approach when a tool needs write access to a specific location, rather than excluding the tool from the sandbox with excludedCommands.
When the same filesystem region is defined in more than one settings scope, the regions are merged: paths from all scopes are combined, not replaced.
The path prefix controls how a path is resolved:
| Prefix | Meaning | Example |
|---|---|---|
| / | Absolute path from the filesystem root | /tmp/build stays /tmp/build |
| ~/ | Relative to the home directory | ~/.kube becomes $HOME/.kube |
| ./ or no prefix | Relative to the project root in project settings, or to ~/.claude in user settings | ./output in .claude/settings.json resolves to <project-root>/output |
This syntax differs from Read and Edit permission rules, which use //path for absolute paths and /path for project-relative paths. Sandbox filesystem paths follow the standard convention: /tmp/build is an absolute path.
You can also deny write or read access with sandbox.filesystem.denyWrite and sandbox.filesystem.denyRead, and re-allow reads of specific paths inside a denied region with sandbox.filesystem.allowRead.
The following example blocks reads of the entire home directory while allowing reads of the current project. Place it in the project's .claude/settings.json, because the relative path . resolves to the project root only when it appears in project settings:
```json
{
  "sandbox": {
    "enabled": true,
    "filesystem": {
      "denyRead": ["~/"],
      "allowRead": ["."]
    }
  }
}
```
The . in allowRead works because this configuration lives in project settings. If you placed the same configuration in ~/.claude/settings.json, . would resolve to ~/.claude and the project files would remain blocked by the denyRead rule.
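The prefix rules and the scope-dependent resolution of . above, as an added illustration in Python (not code from Claude Code): it resolves entries the way the table describes, unions regions across scopes, and evaluates the denyRead/allowRead example in both project and user scope. The sample home and project locations, and the precedence that an allowRead entry re-opens everything beneath it inside a denyRead region, are assumptions.

```python
from pathlib import PurePosixPath

# Constructed sample locations (assumed, not paths from the page)
HOME = PurePosixPath("/home/alice")
PROJECT_ROOT = PurePosixPath("/home/alice/src/app")


def resolve_sandbox_path(raw: str, scope: str) -> PurePosixPath:
    """Apply the prefix table: '/' is absolute, '~/' is home-relative, and
    './' or no prefix is relative to the project root in project settings
    or to ~/.claude in user settings."""
    if raw == "~" or raw.startswith("~/"):
        return HOME / raw[2:]          # raw[2:] is "" for a bare "~/"
    if raw.startswith("/"):
        return PurePosixPath(raw)
    base = PROJECT_ROOT if scope == "project" else HOME / ".claude"
    return base / raw                  # pathlib drops "." and "./" components


def merge_regions(*scoped_settings):
    """Union filesystem regions across scopes (paths are combined, not
    replaced). Each argument is a (scope_name, settings_dict) pair."""
    merged = {}
    for scope, settings in scoped_settings:
        fs = settings.get("sandbox", {}).get("filesystem", {})
        for key, entries in fs.items():
            for entry in entries:
                merged.setdefault(key, []).append(resolve_sandbox_path(entry, scope))
    return merged


def _under(path: PurePosixPath, region: PurePosixPath) -> bool:
    return path == region or region in path.parents


def read_allowed(path: str, merged: dict) -> bool:
    """Reads are allowed everywhere by default; denyRead blocks a subtree and
    allowRead re-opens paths inside it (assumed precedence: allowRead wins)."""
    p = PurePosixPath(path)
    denied = any(_under(p, r) for r in merged.get("denyRead", []))
    reopened = any(_under(p, r) for r in merged.get("allowRead", []))
    return not denied or reopened


# The page's denyRead/allowRead example, evaluated in both scopes
PAGE_EXAMPLE = {"sandbox": {"enabled": True,
                            "filesystem": {"denyRead": ["~/"], "allowRead": ["."]}}}


def demo() -> dict:
    as_project = merge_regions(("project", PAGE_EXAMPLE))
    as_user = merge_regions(("user", PAGE_EXAMPLE))
    return {
        "project_scope_reads_app": read_allowed("/home/alice/src/app/main.py", as_project),
        "project_scope_reads_ssh": read_allowed("/home/alice/.ssh/id_ed25519", as_project),
        "user_scope_reads_app": read_allowed("/home/alice/src/app/main.py", as_user),
        "user_scope_dot": str(as_user["allowRead"][0]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```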
How sandboxing works
Filesystem isolation
The sandboxed Bash tool restricts filesystem access to specific directories:
- Default write behavior: read and write access to the current working directory and its subdirectories, plus the session temporary directory that $TMPDIR points to
- Default read behavior: read access to the whole computer except for specific denied directories. Note that this default allows reading credential files such as ~/.aws/credentials and ~/.ssh/; add them to denyRead to block them.
- Blocked access: files outside the current working directory and the session temporary directory cannot be modified without explicit permission. This includes shell configuration files such as ~/.bashrc and the system binaries in /bin/.
- Git worktrees: when the working directory is a linked git worktree, the sandbox allows writes to the main repository's shared .git directory so that commands such as git commit can update refs and the index. Writes to hooks/ and config inside that directory are still denied.
- Configurable: define custom allow and deny paths through settings
You can use sandbox.filesystem.allowWrite in settings to grant write access to additional paths. Because these restrictions are enforced at the OS level, they apply not only to Claude's file tools but to every subprocess command, including tools such as kubectl, terraform, and npm.
Network isolation
Network access is controlled through a proxy server that runs outside the sandbox:
- Domain restriction: no domains are allowed in advance. When a command needs to reach a new domain, Claude Code prompts you. Pre-allow domains with allowedDomains to avoid the prompts.
- Managed lockdown: when allowManagedDomainsOnly is set in managed settings, domains that are not allowed are blocked automatically instead of prompting, and only the allowedDomains from managed settings are honored.
- Custom proxy support: advanced users can implement custom rules for outbound traffic
- Comprehensive coverage: the restrictions apply to every script, program, and subprocess spawned by a command
The built-in proxy enforces the allow list based on the requested hostname and does not terminate or inspect TLS traffic. See Security limitations for the security implications of this design. If your threat model requires TLS inspection, see Custom proxy configuration.
OS-level enforcement
The sandboxed Bash tool relies on OS security primitives:
- macOS: uses Seatbelt for sandbox enforcement
- Linux: uses bubblewrap for isolation
- WSL2: uses bubblewrap, as on Linux
WSL1 is not supported because bubblewrap needs kernel features that are only available on WSL2. These OS-level restrictions guarantee that every child process spawned by a Claude Code command inherits the same security boundary.
The same primitives are available as the standalone @anthropic-ai/sandbox-runtime package. The Sandbox environments page describes it as an alternative approach that wraps the entire Claude Code process.
How sandboxing relates to permissions and permission modes
Sandboxing, permission rules, and permission modes are complementary layers. The following sections explain how the sandbox interacts with each of them.
Permission rules
Permission rules and sandboxing control different things:
- Permission rules control which tools Claude Code may use and are evaluated before any tool runs. They apply to every tool, including Bash, Read, Edit, WebFetch, MCP, and the others.
- Sandboxing provides OS-level enforcement that restricts what Bash commands can access at the filesystem and network level. It applies only to Bash commands and their child processes.
The two layers enforce differently. Claude Code evaluates permission decisions before a command runs, based on the command string and, in auto mode, on a separate classifier's judgment of whether the command is safe. The operating system enforces the sandbox boundary on the running process, so it holds regardless of what the model chose to run, even when an allowed command does more than its name suggests.
Filesystem and network restrictions are configured through both sandbox settings and permission rules:
| Setting or rule | Function |
|---|---|
| sandbox.filesystem.allowWrite | Grants subprocesses write access to paths outside the working directory |
| sandbox.filesystem.denyWrite and sandbox.filesystem.denyRead | Block subprocess access to specific paths |
| sandbox.filesystem.allowRead | Re-allows reads of specific paths inside denyRead regions |
| Edit allow rules | Grant write access to specific paths, in the same way as sandbox.filesystem.allowWrite |
| Read and Edit deny rules | Block access to specific files or directories |
| WebFetch allow and deny rules | Control domain access |
| Sandbox allowedDomains | Controls which domains Bash commands can reach |
| Sandbox deniedDomains | Blocks specific domains even when a broader allowedDomains wildcard would allow them |
Paths from sandbox.filesystem settings and from permission rules are merged into the final sandbox configuration.
The examples directory of the claude-code repository contains starter configurations for common deployment scenarios, including sandbox-specific examples. Use them as a starting point and adjust them to your needs.
Permission modes
/sandbox is not a permission mode. Permission modes decide whether a tool call runs and whether you are prompted first; the sandbox restricts what a Bash command can access once it runs. They differ in what they control and in what replaces the per-action prompt:
| | Controls | What replaces the prompt |
|---|---|---|
| /sandbox | What a Bash command can access once it runs | The sandbox boundary itself, in auto-allow mode |
| Auto mode | Whether each tool call runs | A classifier that reviews the action |
| --dangerously-skip-permissions | Whether each tool call runs | Nothing. Protected-path checks are skipped; it prompts only when deleting / or the home directory |
The sandbox's auto-allow mode is separate from auto mode. Auto-allow approves Bash commands because the sandbox boundary contains them; auto mode uses a classifier to review actions. The two operate independently and can be combined. To choose an isolation boundary for unattended runs, see Sandbox environments.
Configure the sandbox for your organization
Administrators can require sandboxing for every user, prevent developers from widening the policy, and route sandbox traffic through an enterprise proxy.
Enforce sandboxing with managed settings
To require the sandbox for every developer, deliver the sandbox key through managed settings, either as a file managed by MDM or through server-managed settings in Claude.ai.
The following managed settings configuration enables the sandbox, refuses to start Claude Code if the sandbox cannot initialize, and prevents the model from retrying commands outside the sandbox:
```json
{
  "sandbox": {
    "enabled": true,
    "failIfUnavailable": true,
    "allowUnsandboxedCommands": false
  }
}
```
The two keys beyond enabled control what happens when the sandbox cannot run a command:
- failIfUnavailable: a missing dependency, such as bubblewrap on Linux, blocks Claude Code from starting instead of showing a warning and falling back to unsandboxed execution
- allowUnsandboxedCommands: false: the dangerouslyDisableSandbox escape hatch is ignored, so a command that fails inside the sandbox cannot be retried outside it
Two additions are worth considering alongside this. Add excludedCommands for organization-approved tools that must run unsandboxed. Add denyRead entries for credential directories such as ~/.aws and ~/.ssh, which the default read policy allows.
Because the sandbox does not run on native Windows, if your fleet includes Windows hosts, scope this configuration to macOS and Linux, or have those users run Claude Code inside WSL2 or a container.
Prevent developers from widening the policy
For boolean keys such as enabled and failIfUnavailable, Claude Code uses the managed value and ignores whatever a developer sets locally. For array keys such as excludedCommands and allowRead, Claude Code merges the entries from every scope, so a developer can add entries that widen the policy.
Set allowManagedReadPathsOnly to true in managed settings so that only the allowRead entries from managed settings are honored; allowRead entries from user, project, and local settings are ignored. This prevents developers from widening read access beyond the organization-approved paths. To lock network domains to the managed values in the same way, set allowManagedDomainsOnly.
excludedCommands has no equivalent managed-only lockdown, so developers can always add entries that run additional commands outside the sandbox. Keep the managed list short.
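An added example in Python (not Claude Code's own merge logic) that applies the precedence rules described in this section: boolean keys take the managed value, array keys are unioned across scopes, the two lockdown flags restrict allowRead and allowedDomains to the managed entries, and domain_decision shows the block-instead-of-prompt behavior of the domain lockdown. The placement of allowManagedReadPathsOnly under filesystem and allowManagedDomainsOnly under network, the scope iteration order, and glob-style matching of allowedDomains wildcards are assumptions.

```python
from fnmatch import fnmatch

BOOLEAN_KEYS = ("enabled", "failIfUnavailable", "allowUnsandboxedCommands")
LIST_KEYS = {"filesystem": ("allowWrite", "denyWrite", "denyRead", "allowRead"),
             "network": ("allowedDomains", "deniedDomains")}
SCOPE_ORDER = ("managed", "user", "project", "local")  # assumed iteration order


def _sandbox(settings_by_scope, scope):
    return settings_by_scope.get(scope, {}).get("sandbox", {})


def effective_sandbox(settings_by_scope):
    """Combine per-scope settings into one effective sandbox policy."""
    managed = _sandbox(settings_by_scope, "managed")
    eff = {"filesystem": {}, "network": {}}
    for key in BOOLEAN_KEYS:
        setters = [s for s in SCOPE_ORDER if key in _sandbox(settings_by_scope, s)]
        if setters:  # managed wins; otherwise the most specific scope (assumed)
            winner = "managed" if "managed" in setters else setters[-1]
            eff[key] = _sandbox(settings_by_scope, winner)[key]
    # Lockdown flags, assumed to live under filesystem / network in managed settings
    locked = {
        "allowRead": managed.get("filesystem", {}).get("allowManagedReadPathsOnly", False),
        "allowedDomains": managed.get("network", {}).get("allowManagedDomainsOnly", False),
    }
    eff["network"]["allowManagedDomainsOnly"] = locked["allowedDomains"]

    def union(section, key):
        merged = []
        for scope in SCOPE_ORDER:
            if locked.get(key) and scope != "managed":
                continue  # lockdown: only the managed entries are honored
            sb = _sandbox(settings_by_scope, scope)
            entries = sb.get(key, []) if section is None else sb.get(section, {}).get(key, [])
            merged += [e for e in entries if e not in merged]
        return merged

    eff["excludedCommands"] = union(None, "excludedCommands")  # no lockdown exists
    for section, keys in LIST_KEYS.items():
        for key in keys:
            eff[section][key] = union(section, key)
    return eff


def domain_decision(domain, eff):
    """What the proxy does with a request: allow, block, or prompt the user."""
    net = eff["network"]
    if any(fnmatch(domain, pat) for pat in net["deniedDomains"]):
        return "block"  # deniedDomains wins even when a broader allow wildcard matches
    if any(fnmatch(domain, pat) for pat in net["allowedDomains"]):
        return "allow"
    return "block" if net["allowManagedDomainsOnly"] else "prompt"


# Constructed sample settings, not from any real deployment
SAMPLE = {
    "managed": {"sandbox": {
        "enabled": True, "failIfUnavailable": True, "allowUnsandboxedCommands": False,
        "excludedCommands": ["docker *"],
        "filesystem": {"allowManagedReadPathsOnly": True,
                       "denyRead": ["~/.aws", "~/.ssh"], "allowRead": ["~/.aws/config"]},
        "network": {"allowManagedDomainsOnly": True,
                    "allowedDomains": ["*.github.com"], "deniedDomains": ["gist.github.com"]}}},
    "user": {"sandbox": {"enabled": False,
                         "filesystem": {"allowRead": ["~/.ssh"], "allowWrite": ["~/.kube"]}}},
    "project": {"sandbox": {"excludedCommands": ["gh *"],
                            "network": {"allowedDomains": ["pypi.org"]}}},
}
```

With SAMPLE, the user's enabled: false and allowRead for ~/.ssh are ignored, the project's excludedCommands entry is merged in, and pypi.org is blocked rather than prompted because of the domain lockdown.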
Custom proxy configuration
Organizations that need advanced network security can implement a custom proxy to:
- Decrypt and inspect HTTPS traffic
- Apply custom filtering rules
- Log every network request
- Integrate with existing security infrastructure
To point Claude Code at the proxy, set the proxy ports in the sandbox settings:
```json
{
  "sandbox": {
    "network": {
      "httpProxyPort": 8080,
      "socksProxyPort": 8081
    }
  }
}
```
Troubleshooting
Some commands fail inside the sandbox but work outside it. The fixes below cover the most common cases.
- A command fails with a host-not-allowed error: many CLI tools need to reach specific hosts. Granting permission when prompted adds the host to the allow list, so the tool runs inside the sandbox in the future.
- jest hangs or fails: watchman is not compatible with the sandbox. Run jest --no-watchman instead.
- Go-based CLIs fail TLS verification on macOS: tools such as gh, gcloud, and terraform may fail TLS verification under Seatbelt. List these tools in excludedCommands so they run outside the sandbox. If you use httpProxyPort with a MITM proxy and a custom CA, set enableWeakerNetworkIsolation to true instead.
- docker commands fail: docker is not compatible with the sandbox. Add docker * to excludedCommands so it runs outside the sandbox.
- Bubblewrap fails to start inside a container: in an unprivileged container, bubblewrap cannot mount a fresh /proc filesystem. Set enableWeakerNestedSandbox to true so that the inner sandbox bind-mounts the container's existing /proc instead. Use this option only when the outer container already provides the isolation boundary you need, because it exposes to sandboxed commands process information that a fresh /proc mount would hide.
- Seccomp filter on Linux: the seccomp filter is required to block Unix domain sockets. The Dependencies tab of /sandbox shows whether it is available; if it is missing, run npm install -g @anthropic-ai/sandbox-runtime to install the helper.
- --dangerously-skip-permissions fails as root: this flag is blocked on Linux and macOS when running as root or via sudo, because root access combined with no permission prompts could modify any file or service on the system. The check is skipped automatically inside a recognized sandbox. To run autonomously in a container, use the dev container configuration, which runs Claude Code as a non-root user.
Limitations
Sandboxing reduces risk but is not a complete isolation boundary. Review the following limitations before relying on it as a hard security control.
Security limitations
- Network filtering: the network filtering system works by restricting which domains a process may connect to. Because the built-in proxy does not terminate outbound traffic or perform TLS inspection, the contents of encrypted connections are not inspected. You are responsible for making sure that only trusted domains are on the allow list: allowing a broad domain such as github.com may create a data exfiltration path. Because the proxy makes allow decisions from the client-supplied hostname without inspecting TLS, code running inside the sandbox may reach hosts outside the allow list using domain fronting or similar techniques. If your threat model requires stronger guarantees, configure a custom proxy that terminates TLS and inspects traffic, with its CA certificate installed inside the sandbox. Stronger TLS-aware network isolation is an active area of development.
- Privilege escalation through Unix sockets: the allowUnixSockets setting can inadvertently grant access to powerful system services that could lead to a sandbox bypass. For example, allowing access to /var/run/docker.sock effectively grants access to the host system through the Docker socket. Carefully consider which Unix sockets you allow through the sandbox.
- Filesystem permission escalation: overly broad filesystem write permissions may enable privilege escalation attacks. Allowing writes to directories that contain executables on $PATH, to system configuration directories, or to user shell configuration files (.bashrc or .zshrc) may lead to code execution in a different security context when another user or a system process accesses those files.
- Linux sandbox strength: the Linux implementation provides strong filesystem and network isolation, but it includes an enableWeakerNestedSandbox mode that lets it work inside Docker environments without privileged namespaces. This option significantly weakens security and should be used only when additional isolation is enforced by other means.
- Configuration files are protected: the sandbox automatically denies write access to every scope of Claude Code's settings.json files and to the managed settings directory, so a sandboxed command cannot modify its own policy.
Platform and tool compatibility
- Platform support: macOS, Linux, and WSL2 are supported. WSL1 and native Windows are not supported.
- Performance overhead: minimal, although some filesystem operations may be slightly slower.
- Tool compatibility: some tools that need particular system access patterns may require configuration adjustments or may need to run outside the sandbox.
Scope
The sandbox isolates Bash subprocesses. Other tools operate under different boundaries:
- Built-in file tools: Read, Edit, and Write do not run through the sandbox; they use the permission system directly. See permissions.
- Computer use: when Claude controls the screen through apps, it runs on the real desktop, not in an isolated environment. Per-app permission prompts gate each application. See Computer use in the CLI or Computer use in Desktop.
- Environment variables: sandboxed Bash commands inherit the parent process environment by default, including any credentials set there. To strip Anthropic and cloud provider credentials from subprocesses, set CLAUDE_CODE_SUBPROCESS_ENV_SCRUB.
- Subagents: subagents run in the same process as the parent session and use the same sandbox configuration. When sandboxing is enabled in the parent session, Bash commands in subagents are sandboxed.
Effective sandboxing requires both filesystem and network isolation. Without network isolation, a compromised agent could exfiltrate sensitive files such as SSH keys. Without filesystem isolation, a compromised agent could backdoor system resources to gain network access. When you widen the defaults, make sure that an allowWrite path, a broad allowedDomains entry, or an excludedCommands exception does not undo the restriction on the other side.
Related
- Sandbox environments: compare the built-in sandbox with dev containers, containers, and VMs
- Security: comprehensive security features and best practices
- Permissions: permission configuration and access control
- Settings: complete configuration reference
- CLI reference: command-line options