Claude Cowork runs Linux VM via Apple virtualization framework

https://news.ycombinator.com/rss Hits: 2
Summary

Linux Container Environment Report
Generated: January 13, 2026
Session ID: brave-loving-maxwell

This report details the Linux container environment powering the Claude AI assistant's "Cowork mode." The environment is a lightweight, highly sandboxed Ubuntu 22.04 LTS virtual machine running on ARM64 architecture, designed to provide secure code execution capabilities while maintaining strict isolation from the host system.

Distribution: Ubuntu 22.04.5 LTS (Jammy Jellyfish)
Kernel: Linux 6.8.0-90-generic (PREEMPT_DYNAMIC)
Architecture: aarch64 (ARM64)
Hostname: claude

Resource        Specification
CPU             4 ARM64 cores @ 48 BogoMIPS each
RAM             3.8 GiB total, ~2.8 GiB available
Swap            None configured
Root Disk       10 GB NVMe (nvme0n1)
Session Disk    10 GB NVMe (nvme1n1)

The ARM64 processor includes advanced features such as hardware cryptographic acceleration (AES, SHA1, SHA2, SHA3, SHA512), atomic operations, pointer authentication (PACA/PACG), and branch target identification (BTI) for security.

Bubblewrap (bwrap) Isolation

The container uses Bubblewrap as its primary sandboxing mechanism. Key isolation features include:

Network Isolation: --unshare-net creates a separate network namespace
PID Isolation: --unshare-pid provides process namespace isolation
Die-with-parent: Container terminates when parent process exits
New Session: Prevents terminal hijacking attacks

The environment employs strict seccomp (Secure Computing Mode) filtering:

Seccomp Mode: 2 (filter mode)
Active Filters: 2 seccomp filters applied
NoNewPrivs: Enabled (prevents privilege escalation)
Capabilities: All capabilities dropped (CapEff = 0)

A custom BPF (Berkeley Packet Filter) program at /usr/local/lib/node_modules_global/lib/node_modules/@anthropic-ai/sandbox-runtime/vendor/seccomp/arm64/unix-block.bpf enforces syscall restrictions.

Network Proxy Architecture

All network traffic is proxied through local tunnels:

Protocol        Proxy
HTTP/HTTPS      http://localhost:3128
SOCKS5          socks5h://localhost:1080
FTP/GRPC        socks5h://localho...

First seen: 2026-01-15 18:17

Last seen: 2026-01-15 19:18