Add permission-bypass claude code container docs and install script #26
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Includes Anthropic's official Dockerfile with all recommended tools (gh, jq, git-delta, fzf, etc.), init-firewall.sh script, and comprehensive Docker/Podman-agnostic documentation for running Claude Code in containers with full permissions. Files organized under ai/images/ for container build artifacts. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
- Remove Docker references, focus on Podman - Always run as host user with --user $(id -u):$(id -g) - Prevents file ownership issues on host - Simplified examples and compose configuration 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Upgrade from node:20 to node:22 for longer support lifecycle (April 2027 vs April 2026). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Pass system timezone to container build to ensure correct time settings inside the container. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Simplify documentation by focusing on direct podman run commands only. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
The Dockerfile was missing the CMD directive, causing the container to start Node.js REPL instead of Claude Code. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
- Use --userns=keep-id for proper file ownership across any UID - Remove --privileged flag (not needed) - Remove --user flag (causes permission conflicts) - Remove ANTHROPIC_API_KEY env var (uses stored credentials) - Add first-time login documentation - Simplify and clarify command breakdown 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
- Use CLAUDE_CONFIG_DIR env var instead of HOME for reliable credential storage - Mount ~/.claude to /claude for cleaner paths - Add YOLO mode section with --dangerously-skip-permissions flag - Update git credentials tip to work with userns=keep-id This solves the re-authentication issue by explicitly telling Claude Code where to find its config directory. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Prevents container from modifying host git configuration. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
- Remove separate normal mode section - Make --dangerously-skip-permissions the default (safe in containers) - Include git credentials in the main command - Streamline documentation for single use case 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Creates setup-yolo.sh that: - Builds con-bomination-claude-code image if needed - Optionally adds YOLO shell function to bashrc/zshrc - Provides clear instructions and confirmation prompts Updated docs with Easy Setup section and TODO for curl-based install after PR merge. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
- Restore init-firewall.sh to exact match with Anthropic original (including whitespace) - Add source URL with specific commit (07e1393) to Dockerfile and docs - Update docs link to use commit hash instead of 'main' for reproducibility 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Security improvement: SSH keys are no longer mounted into the container. Claude Code can still make commits using read-only git config, but push operations must be done from the host. Updated: - Removed ~/.ssh mounts from all commands - Added documentation explaining the limitation - Updated setup script YOLO function - Clarified git config mount purpose in command breakdown 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
asmacdo
changed the title
Member
Author
|
Note: occasionally use needs to rerun /login. Its still not clear to me why this happens in this mode, but not when running claude on metal. |
yarikoptic
reviewed
Nov 5, 2025
| # Install Claude | ||
| RUN npm install -g @anthropic-ai/claude-code@${CLAUDE_CODE_VERSION} | ||
|
|
||
| # Copy and set up firewall script |
Member
There was a problem hiding this comment.
might need extra checking on how to start such a container so it does not mess with the main box firewall but operates only within container's network.
yarikoptic
reviewed
Nov 5, 2025
Member
Author
|
Closing, this has moved to https://github.com/con/yolo/ (which is currently private until we resolve upstream license issue) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
@yarikoptic heres our latest con-bomination, with dead simple setup. Was a bit trickier than I anticipated-- and you will need to login once for initial setup.
Please have a look over it before you try, this is too powerful to just trust ;)
tldr:
YOLOfrom whatever repo you want to change (no ssh access, so youll still have to push manually)