dave/storkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 8 Wiki Activity

Fix Claude Code hanging in hardened container

Browse Source 
Claude Code writes to ~/.claude.json, ~/.cache/, and ~/.npm/ which
failed silently on the read-only root filesystem. Add tmpfs at
/home/storkit so the home dir is writable (the claude-state volume
overlays on top for persistent .claude/ data).

Also fix .dockerignore: use **/target/ to match nested target dirs,
add .storkit/logs/ and **/node_modules/ to prevent multi-GB build
context transfers.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Timmy
2026-03-21 21:16:24 +00:00
parent 3774c3dca7
commit 9f873dc839
3 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docker/docker-compose.yml
View File

@@ -72,11 +72,15 @@ services:
read_only: true
tmpfs:
- /tmp:size=512M
- /home/storkit/.npm:size=256M
- /home/storkit:size=512M
# Drop all Linux capabilities, then add back only what's needed.
# SETUID/SETGID needed by Claude Code's PTY allocation (openpty).
cap_drop:
- ALL
cap_add:
- SETUID
- SETGID
# Prevent child processes from gaining new privileges via setuid,
# setgid, or other mechanisms.