I used Claude Code in two ways: normal agent mode in the CLI and autonomous mode in a Docker container (with bypass-permissions on). Anthropic came out with sandbox mode, supposedly to bridge the gap between the two methods. At first, I never liked the mode because it kept stopping at random times due to some permission issues. Yesterday, I encountered it again and was determined to fix it. The error was "bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted", which was a problem of the sandbox failing to set up its network namespace. I found a GitHub issue and a blog post on how to fix the issue.
The fix was essentially copying these lines into /etc/apparmor.d/bwrap:
abi <abi/4.0>,
include <tunables/global>

profile bwrap /usr/bin/bwrap flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/bwrap>
}
Then reload AppArmor with sudo systemctl reload apparmor.
Afterward, Claude Sandbox mode worked perfectly. It was able to utilize a Python script to read a docx file, since I used a lot of docx files with Claude.
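
A check that the fix above is in place and is the reason bwrap works, as an added example that is not from the original post: it confirms the profile file matches the one shown, that the kernel has it loaded, and that Ubuntu's restriction on unprivileged user namespaces is still on rather than disabled system-wide. The sysctl kernel.apparmor_restrict_unprivileged_userns and the /sys/kernel/security/apparmor/profiles path do not appear in the post, and the function names are made up for this example.

```shell
#!/usr/bin/env bash
# Added example. Every function takes an optional path so it can be run
# against saved copies instead of the live system files.

# Succeeds if the restriction on unprivileged user namespaces is on (value 1).
userns_restricted() {
    local f="${1:-/proc/sys/kernel/apparmor_restrict_unprivileged_userns}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Prints the mode of a loaded profile. The kernel list has one profile per
# line, e.g. "bwrap (unconfined)"; reading the live list needs root.
profile_mode() {
    local name="$1" list="${2:-/sys/kernel/security/apparmor/profiles}"
    awk -v n="$name" '{
        mode = $NF; sub(/ \([^)]*\)$/, "", $0)
        if ($0 == n) { gsub(/[()]/, "", mode); print mode; found = 1 }
    } END { exit found ? 0 : 1 }' "$list"
}

# Succeeds if the file attaches the profile to /usr/bin/bwrap only and
# contains the userns rule, as in the profile shown in the post.
profile_file_ok() {
    local f="${1:-/etc/apparmor.d/bwrap}"
    grep -Eq '^[[:space:]]*profile[[:space:]]+bwrap[[:space:]]+/usr/bin/bwrap[[:space:]]+flags=\(unconfined\)' "$f" &&
        grep -Eq '^[[:space:]]*userns,' "$f"
}

# Returns 0 when everything is as expected, 1 when the fix is missing,
# 2 when the restriction is off, in which case any program may create
# user namespaces and the profile is not what lets bwrap do so.
check_bwrap_fix() {
    local sysctl_file="${1:-}" list="${2:-}" file="${3:-}" mode
    profile_file_ok "$file" || { echo "profile file missing or not the expected bwrap profile"; return 1; }
    mode=$(profile_mode bwrap "$list") || { echo "bwrap profile not loaded; reload AppArmor"; return 1; }
    if userns_restricted "$sysctl_file"; then
        echo "ok: userns restriction on, bwrap profile loaded ($mode)"
    else
        echo "warning: userns restriction off or absent; profile loaded ($mode)"
        return 2
    fi
}

# Run against the live system with: sudo bash thisfile --check
if [ "${1:-}" = "--check" ]; then check_bwrap_fix; fi
```

A result of 2 means the sandbox works only because the restriction is off for every program, not because of this profile.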