alt Hacker NewsWhat is even the point in that case? The behavior you describe is no better than if SELinux were to automatically re-execute a process with containment disabled.
Replies
erinnh • yesterday at 6:05 AM
Looking at the settings, its an option:
Configure Overrides:
1. Allow unsandboxed fallback
2. Strict sandbox mode (current)
Allow unsandboxed fallback: When a command fails due to sandbox restrictions, Claude can retry with dangerouslyDisableSandbox to run outside the sandbox (falling back to
default permissions).
Strict sandbox mode: All bash commands invoked by the model must run in the sandbox unless they are explicitly listed in excludedCommands. js2 • yesterday at 5:52 PM
Disable sandbox escape:
The purpose of the sandbox is to reduce permission fatigue. If it fails to run a command in the sandbox and retries it outside the sandbox, the regular permission rules apply. You'll still be prompted for any non-sandboxed tool calls that you haven't allowed or denied via permission rules.