alt Hacker News> take a snapshot of my current workspace in a VM. Run claude there
Sounds like docker + overlayfs might fit the bill, as long as there's a base image that is close enough to what you need.
I don't think there should be One True Way how to run these, everyone can set it up in a way that best fits their workflow.
both Docker and bubblewrap are not secure sandboxes. the only way to have actually isolated sandboxes is by using VMs
disclaimer: i work on secure sandboxes at E2B