Skip to content

Commit 01f5100

Browse files
evgeniy-scherbinaevgeniy-scherbina
authored
fix: drop perms for boundary process (#512)
1 parent 7e42a14 commit 01f5100

File tree

2 files changed

+9
-8
lines changed

2 files changed

+9
-8
lines changed

registry/coder/modules/claude-code/README.md

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ Run the [Claude Code](https://docs.anthropic.com/en/docs/agents-and-tools/claude
1313
```tf
1414
module "claude-code" {
1515
source = "registry.coder.com/coder/claude-code/coder"
16-
version = "3.3.2"
16+
version = "3.3.3"
1717
agent_id = coder_agent.example.id
1818
workdir = "/home/coder/project"
1919
claude_api_key = "xxxx-xxxxx-xxxx"
@@ -51,7 +51,7 @@ module "claude-code" {
5151
boundary_log_level = "WARN"
5252
boundary_additional_allowed_urls = ["GET *google.com"]
5353
boundary_proxy_port = "8087"
54-
version = "3.3.2"
54+
version = "3.3.3"
5555
}
5656
```
5757

@@ -70,7 +70,7 @@ data "coder_parameter" "ai_prompt" {
7070
7171
module "claude-code" {
7272
source = "registry.coder.com/coder/claude-code/coder"
73-
version = "3.3.2"
73+
version = "3.3.3"
7474
agent_id = coder_agent.example.id
7575
workdir = "/home/coder/project"
7676
@@ -106,7 +106,7 @@ Run and configure Claude Code as a standalone CLI in your workspace.
106106
```tf
107107
module "claude-code" {
108108
source = "registry.coder.com/coder/claude-code/coder"
109-
version = "3.3.2"
109+
version = "3.3.3"
110110
agent_id = coder_agent.example.id
111111
workdir = "/home/coder"
112112
install_claude_code = true
@@ -129,7 +129,7 @@ variable "claude_code_oauth_token" {
129129
130130
module "claude-code" {
131131
source = "registry.coder.com/coder/claude-code/coder"
132-
version = "3.3.2"
132+
version = "3.3.3"
133133
agent_id = coder_agent.example.id
134134
workdir = "/home/coder/project"
135135
claude_code_oauth_token = var.claude_code_oauth_token
@@ -202,7 +202,7 @@ resource "coder_env" "bedrock_api_key" {
202202
203203
module "claude-code" {
204204
source = "registry.coder.com/coder/claude-code/coder"
205-
version = "3.3.2"
205+
version = "3.3.3"
206206
agent_id = coder_agent.example.id
207207
workdir = "/home/coder/project"
208208
model = "global.anthropic.claude-sonnet-4-5-20250929-v1:0"
@@ -259,7 +259,7 @@ resource "coder_env" "google_application_credentials" {
259259
260260
module "claude-code" {
261261
source = "registry.coder.com/coder/claude-code/coder"
262-
version = "3.3.2"
262+
version = "3.3.3"
263263
agent_id = coder_agent.example.id
264264
workdir = "/home/coder/project"
265265
model = "claude-sonnet-4@20250514"

registry/coder/modules/claude-code/scripts/start.sh

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -167,7 +167,8 @@ function start_agentapi() {
167167
fi
168168

169169
agentapi server --allowed-hosts="*" --type claude --term-width 67 --term-height 1190 -- \
170-
sudo -E env PATH=$PATH setpriv --inh-caps=+net_admin --ambient-caps=+net_admin --bounding-set=+net_admin boundary "${BOUNDARY_ARGS[@]}" -- \
170+
sudo -E env PATH=$PATH setpriv --reuid=$(id -u) --regid=$(id -g) --clear-groups \
171+
--inh-caps=+net_admin --ambient-caps=+net_admin --bounding-set=+net_admin boundary "${BOUNDARY_ARGS[@]}" -- \
171172
claude "${ARGS[@]}"
172173
else
173174
agentapi server --type claude --term-width 67 --term-height 1190 -- claude "${ARGS[@]}"

0 commit comments

Comments
 (0)