crusaderky · May 18, 2026 14:40
diff --git a/AppArmor config for bwrap b/AppArmor config for bwrap
 # /etc/apparmor.d/bwrap
 # To load: sudo apparmor_parser -r /etc/apparmor.d/bwrap

 abi <abi/4.0>,
 include <tunables/global>

 profile bwrap /usr/bin/bwrap flags=(unconfined) {
  userns,
  include if exists <local/bwrap>
 }
diff --git a/bwrap-claude.sh b/bwrap-claude.sh
 #!/bin/bash
 # Run Claude with read/write permissions in pwd and no access anywhere else

 DIR="$(realpath "$PWD")"
 exec bwrap \
  --ro-bind / / \
  --dev /dev \
  --proc /proc \
  --tmpfs /tmp \
  --tmpfs /home \
  --tmpfs /root \
  --ro-bind "$HOME/.pixi" "$HOME/.pixi" \
  --ro-bind "$HOME/.local/bin/claude" "$HOME/.local/bin/claude" \
  --ro-bind "$HOME/.local/state/claude" "$HOME/.local/state/claude" \
  --ro-bind "$HOME/.local/share/claude" "$HOME/.local/share/claude" \
  --bind "$HOME/.claude" "$HOME/.claude" \
  --bind "$HOME/.claude.json" "$HOME/.claude.json" \
  --bind "$HOME/.cache/claude" "$HOME/.cache/claude" \
  --bind "$HOME/.cache/claude-cli-nodejs" "$HOME/.cache/claude-cli-nodejs" \
  --bind "$DIR" "$DIR" \
  --chdir "$DIR" \
  --die-with-parent \
  --unshare-all --share-net \
  -- claude --dangerously-skip-permissions "$@"
diff --git a/bwrap-pi.sh b/bwrap-pi.sh
 # Run Pi with read/write permissions in pwd and no access anywhere else

 DIR="$(realpath "$PWD")"
 exec bwrap \
  --ro-bind / / \
  --dev /dev \
  --proc /proc \
  --tmpfs /tmp \
  --tmpfs /home \
  --tmpfs /root \
  --ro-bind "$HOME/.pixi" "$HOME/.pixi" \
  --ro-bind "$HOME/.nvm" "$HOME/.nvm" \
  --bind "$HOME/.pi" "$HOME/.pi" \
  --bind "$DIR" "$DIR" \
  --chdir "$DIR" \
  --die-with-parent \
  --unshare-all --share-net \
  -- pi "$@"
	# /etc/apparmor.d/bwrap
	# To load: sudo apparmor_parser -r /etc/apparmor.d/bwrap

	abi <abi/4.0>,
	include <tunables/global>

	profile bwrap /usr/bin/bwrap flags=(unconfined) {
	userns,
	include if exists <local/bwrap>
	}
	#!/bin/bash
	# Run Claude with read/write permissions in pwd and no access anywhere else

	DIR="$(realpath "$PWD")"
	exec bwrap \
	--ro-bind / / \
	--dev /dev \
	--proc /proc \
	--tmpfs /tmp \
	--tmpfs /home \
	--tmpfs /root \
	--ro-bind "$HOME/.pixi" "$HOME/.pixi" \
	--ro-bind "$HOME/.local/bin/claude" "$HOME/.local/bin/claude" \
	--ro-bind "$HOME/.local/state/claude" "$HOME/.local/state/claude" \
	--ro-bind "$HOME/.local/share/claude" "$HOME/.local/share/claude" \
	--bind "$HOME/.claude" "$HOME/.claude" \
	--bind "$HOME/.claude.json" "$HOME/.claude.json" \
	--bind "$HOME/.cache/claude" "$HOME/.cache/claude" \
	--bind "$HOME/.cache/claude-cli-nodejs" "$HOME/.cache/claude-cli-nodejs" \
	--bind "$DIR" "$DIR" \
	--chdir "$DIR" \
	--die-with-parent \
	--unshare-all --share-net \
	-- claude --dangerously-skip-permissions "$@"
	# Run Pi with read/write permissions in pwd and no access anywhere else

	DIR="$(realpath "$PWD")"
	exec bwrap \
	--ro-bind / / \
	--dev /dev \
	--proc /proc \
	--tmpfs /tmp \
	--tmpfs /home \
	--tmpfs /root \
	--ro-bind "$HOME/.pixi" "$HOME/.pixi" \
	--ro-bind "$HOME/.nvm" "$HOME/.nvm" \
	--bind "$HOME/.pi" "$HOME/.pi" \
	--bind "$DIR" "$DIR" \
	--chdir "$DIR" \
	--die-with-parent \
	--unshare-all --share-net \
	-- pi "$@"