The Claude Code that is installed into the container is installed through NPM, but the user's .claude.json is mounted verbatim and may contain "installMethod": "native" which will trigger a warning upon starting Claude Code. I have worked around it by copying .claude.json into the container instead, and patching the installMethod appropriately.
This would hypothetically prevent the in-container Claude from setting new allowed permissions, but (a) non-persistence of permissions seems like a feature of a sandbox rather than a bug, and (b) I think Claude replaces that file anyway when it writes it, meaning the write wouldn't transfer out of the container anyway?
The Claude Code that is installed into the container is installed through NPM, but the user's .claude.json is mounted verbatim and may contain
"installMethod": "native"which will trigger a warning upon starting Claude Code. I have worked around it by copying .claude.json into the container instead, and patching theinstallMethodappropriately.This would hypothetically prevent the in-container Claude from setting new allowed permissions, but (a) non-persistence of permissions seems like a feature of a sandbox rather than a bug, and (b) I think Claude replaces that file anyway when it writes it, meaning the write wouldn't transfer out of the container anyway?