Claude Cowork v2 can now be deployed inside a Linux container, giving developers a lightweight, isolated environment to run the AI desktop agent. This guide explains the required Dockerfile, container configuration, and folder‑mount setup, enabling cross‑platform testing and automation without the native macOS virtualization stack. It also supports custom permission models that restrict AI access to specific folders, ensuring secure file‑system interactions.
Why Run Claude Cowork in a Container
Running Claude Cowork inside a container provides a clear security boundary, reduces dependency on macOS‑only virtualization, and makes the agent accessible on Linux and Windows hosts. The containerized approach also simplifies integration with CI/CD pipelines and server‑side workflows.
Security Isolation Benefits
- Hardened Boundary: The AI runs in a separate namespace, limiting exposure to the host OS.
- Granular Folder Permissions: Only directories explicitly mounted are visible to Claude.
- Reduced Attack Surface: Container isolation mitigates risks associated with native desktop execution.
Step‑by‑Step Container Setup
Prepare the Docker Image
Start from the official anthropic/claude-code base image and install any required virtualization utilities for Linux.
FROM anthropic/claude-code:latest
RUN apt-get update && apt-get install -y \
        virtiofsd \
    && rm -rf /var/lib/apt/lists/*
Mount Host Directories
Map a host folder to the container path expected by Claude (/sessions/<id>/mnt/<folder_name>). This mounted path is the only host location the AI can read or write.
docker run -d \
    --name claude-cowork \
    -v /path/to/host/folder:/sessions/12345/mnt/workspace \
    -p 8080:8080 \
    claude-cowork-image
Launch Claude Code
Execute the Claude Code binary with the same flags used by the desktop client, pointing to the mounted workspace.
/usr/local/bin/claude-code \
    --workspace /sessions/12345/mnt/workspace \
    --vsock-endpoint /run/vsock.sock
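To confirm that a running container actually matches the folder boundary described above, the following added example (not part of the original guide or of Anthropic's tooling) audits `docker inspect` output for bind mounts outside /sessions/<id>/mnt/<folder_name>, privileged mode, and ports published on all host interfaces. The JSON is a constructed sample, the /host-home mount is a hypothetical misconfiguration, and the function name `audit_container` is an assumption.

```python
import json
import re

# Constructed sample: trimmed `docker inspect claude-cowork` output for the
# docker run command in this guide, plus one extra (hypothetical) bind mount
# so the audit has something to report.
SAMPLE_INSPECT = json.loads("""
[{"Name": "/claude-cowork",
  "HostConfig": {"Privileged": false,
                 "PortBindings": {"8080/tcp": [{"HostIp": "", "HostPort": "8080"}]}},
  "Mounts": [
    {"Type": "bind", "Source": "/path/to/host/folder",
     "Destination": "/sessions/12345/mnt/workspace", "RW": true},
    {"Type": "bind", "Source": "/home/dev",
     "Destination": "/host-home", "RW": true}]}]
""")

# Mount layout described in this guide: /sessions/<id>/mnt/<folder_name>
ALLOWED_DEST = re.compile(r"^/sessions/[^/]+/mnt/[^/]+$")


def audit_container(info):
    """Return a list of findings for one `docker inspect` entry."""
    findings = []
    host_cfg = info.get("HostConfig", {})
    if host_cfg.get("Privileged"):
        findings.append("container runs privileged")
    # Any bind mount outside the expected session path widens what the agent sees.
    for m in info.get("Mounts", []):
        dest = m.get("Destination", "")
        if m.get("Type") == "bind" and not ALLOWED_DEST.match(dest):
            findings.append(f"unexpected host mount: {m.get('Source')} -> {dest}")
    # An empty HostIp means the port is published on every host interface.
    for port, binds in (host_cfg.get("PortBindings") or {}).items():
        for b in binds or []:
            if b.get("HostIp") in ("", "0.0.0.0", "::"):
                findings.append(f"port {port} published on all host interfaces")
    return findings


if __name__ == "__main__":
    for entry in SAMPLE_INSPECT:
        for finding in audit_container(entry):
            print(f"{entry['Name']}: {finding}")
```

Against a live container, feed it the parsed output of `docker inspect claude-cowork` instead of the embedded sample.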
Common Issues and Troubleshooting
- Hang after “sending request”: Verify that the vsock endpoint is correctly exposed and that no firewall rules block intra‑container communication.
- Permission errors: Ensure the host directory permissions allow read/write access for the container user.
- Resource limits: Allocate at least 4 GB RAM and 2 CPU cores to avoid performance bottlenecks during AI processing.
Future Outlook
The container‑ready implementation of Claude Cowork positions Anthropic to expand AI‑agent capabilities across diverse environments. As developers adopt this setup for automation, testing, and production workloads, feedback will drive further refinements in stability, performance, and security features.
