From 9f873dc839f09a79987057edbe57556392b94b62 Mon Sep 17 00:00:00 2001
From: Timmy
Date: Sat, 21 Mar 2026 21:16:24 +0000
Subject: [PATCH] Fix Claude Code hanging in hardened container

Claude Code writes to ~/.claude.json, ~/.cache/, and ~/.npm/ which failed silently on the read-only root filesystem. Add tmpfs at /home/storkit so the home dir is writable (the claude-state volume overlays on top for persistent .claude/ data). Also fix .dockerignore: use **/target/ to match nested target dirs, add .storkit/logs/ and **/node_modules/ to prevent multi-GB build context transfers.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 .dockerignore | 11 +++++++++++
 docker/.dockerignore | 5 +++--
 docker/docker-compose.yml | 6 +++++-
 3 files changed, 19 insertions(+), 3 deletions(-)
 create mode 100644 .dockerignore

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..ec606cf
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,11 @@
+# Docker build context exclusions
+**/target/
+**/node_modules/
+frontend/dist/
+.storkit/worktrees/
+.storkit/logs/
+.storkit/work/6_archived/
+.git/
+*.swp
+*.swo
+.DS_Store
diff --git a/docker/.dockerignore b/docker/.dockerignore
index a7dfc5e..ec606cf 100644
--- a/docker/.dockerignore
+++ b/docker/.dockerignore
@@ -1,8 +1,9 @@
 # Docker build context exclusions
-target/
-frontend/node_modules/
+**/target/
+**/node_modules/
 frontend/dist/
 .storkit/worktrees/
+.storkit/logs/
 .storkit/work/6_archived/
 .git/
 *.swp
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 4200c7b..ec0c072 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
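Review bot: The new root `.dockerignore` is byte-identical to `docker/.dockerignore` after this patch (both hunks land on blob `ec606cf`), yet Docker honours only the `.dockerignore` at the root of the build context it is given (or, under BuildKit, a `<Dockerfile>.dockerignore` beside the Dockerfile), so one of the two copies is inert for any given build and the pair will drift apart. Patterns like `frontend/dist/` and `.storkit/worktrees/` only resolve relative to the repository root, which suggests the repo root is the context and the `docker/` copy is the dead one; the compose `build.context` is not in this patch, so confirm before deleting, or at least add `# Keep in sync with docker/.dockerignore` to whichever copy survives. Separately, the list keeps `.git/` and `.storkit/logs/` out of the context but names nothing for local secret material; if the checkout can hold an env file or key files (constructed example: `.env`), list them here so they cannot be copied into an image layer. The same two points apply to the `docker/.dockerignore` hunk.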
@@ -72,11 +72,15 @@ services:
 read_only: true
 tmpfs:
 - /tmp:size=512M
- - /home/storkit/.npm:size=256M
+ - /home/storkit:size=512M
 # Drop all Linux capabilities, then add back only what's needed.
+ # SETUID/SETGID needed by Claude Code's PTY allocation (openpty).
 cap_drop:
 - ALL
+ cap_add:
+ - SETUID
+ - SETGID
 # Prevent child processes from gaining new privileges via setuid,
 # setgid, or other mechanisms.