# CLAUDE.md - Container profile # Best for: This file provides environment-specific context and overrides for the current container setup. # Extends: Universal CLAUDE.md rules --- ## Environment: LXC Container (Incus) — Debian Latest ### Container runtime | Property | Value | |---|---| | **Hypervisor / runtime** | [Incus](https://linuxcontainers.org/incus/) (LXC-based) | | **Guest OS** | Debian — latest stable | | **Image type** | Near-bare / core image | | **Init system** | `systemd` | | **Shell** | `bash` | ### Installed packages The container image is **intentionally minimal** — virtually no packages have been added on top of the base Debian core. Only what is strictly required to boot and run the container is present: - `systemd` — init system - `bash` — shell - Standard Debian base utilities bundled with the core image > **Assume nothing is pre-installed.** Before using any tool, binary, or interpreter (`python3`, `curl`, `git`, `make`, `node`, …), install it explicitly via `apt`. --- ## Running Claude Code as Root Because this container is a **relatively isolated environment** (LXC / Incus), Claude Code can be run as **`root`** without the usual restrictions that apply on shared or production systems. ```bash # No sudo needed — you are already root inside the container claude ``` This is acceptable here because: 1. The container has no other users or services that could be affected. 2. The Incus boundary provides the isolation layer equivalent to what a normal user account provides on a bare-metal host. 3. The image is disposable / reproducible — the container can be rebuilt from scratch at any time. > **Do not replicate this pattern outside the container** (bare-metal host, shared server, CI runners with broad permissions, etc.). --- ## Practical notes for Claude Code ### Always install dependencies first ```bash apt-get update && apt-get install -y ``` Because the image is essentially empty, any `bash_tool` command that relies on an external binary must be preceded by its installation — or the command will simply fail with `command not found`. ### Network access Network availability depends on the host bridge configuration set in Incus. Verify connectivity before assuming outbound access: ```bash # Quick check ping -c 1 debian.org ``` ### systemd inside LXC `systemd` is the init system but behaviour may differ slightly from a full VM: - `systemctl` works for managing services. - Some kernel-level cgroup v2 features may be restricted depending on the host kernel and Incus profile. - `journalctl` is available for log inspection once `systemd-journal` is running. --- ## Quick bootstrap snippet Paste this at the start of any session that needs common tooling: ```bash apt-get update -qq && apt-get install -y --no-install-recommends \ curl \ git \ ca-certificates \ gnupg \ lsb-release \ build-essential \ python3 \ python3-pip ``` ---