Enable GPU Passthrough In Claude Code Sandbox

Enable GPU Passthrough for Enhanced Sandbox Mode in Claude Code

Enhance your development workflow with the ability to leverage your GPU within the Claude Code sandbox. This feature request focuses on enabling GPU device passthrough, unlocking the potential for accelerated computing tasks such as machine learning training, rendering, and video processing directly within your sandboxed environment. Currently, the sandbox restricts access to crucial GPU device nodes, hindering the execution of GPU-dependent applications. Implementing this feature will empower developers to utilize their hardware more effectively, streamlining workflows and accelerating project timelines.

The Challenge: GPU Access in the Sandbox

The current sandbox mode in Claude Code, while providing a secure and isolated environment, blocks access to essential GPU devices like /dev/dri and /dev/kfd. This restriction prevents the proper functioning of software that relies on these devices, including popular frameworks like PyTorch, TensorFlow, and libraries for tasks like 3D rendering and video encoding. When you try to run commands that interact with your GPU inside the sandbox, they fail, indicating that the required hardware isn't detected.

Step-by-Step Problem Illustration:

To understand the issue, consider these steps:

1. Configure Sandbox: First, enable the sandbox with basic permissions. For example:

   {
     "sandbox": { "enabled": true, "autoAllowBashIfSandboxed": true },
     "permissions": { "allow": ["Bash"] }
   }
   

2. Verify GPU Access: Attempt to verify GPU access by executing commands. For example, using Python to check if your CUDA-enabled NVIDIA GPU is visible:

   import torch
   print(torch.cuda.is_available())
   

3. Diagnostic Tests: Run diagnostic tools to confirm GPU detection, like:

   • rocm-smi --showid (for AMD GPUs) : to check if the GPU is visible.
   • nvidia-smi (for NVIDIA GPUs) : to check if the GPU is visible.
   • vulkaninfo --summary : to check the Vulkan support and the GPU type.

4. Expected Outcome vs. Reality: Inside the sandbox, the above commands will fail. The system either won't detect the GPU or will default to a software fallback, such as llvmpipe, indicating that the necessary device nodes are unavailable.

The Proposed Solution: Device Passthrough

The suggested solution is to introduce a sandbox.devices setting, allowing users to specify device nodes that should be passed through to the sandbox. For instance, for AMD GPUs:

{
  "sandbox": {
    "enabled": true,
    "devices": ["/dev/dri", "/dev/kfd"]
  }
}

Or for NVIDIA GPUs:

{
  "sandbox": {
    "enabled": true,
    "devices": ["/dev/dri", "/dev/nvidia0", "/dev/nvidiactl", "/dev/nvidia-uvm"]
  }
}

This configuration would modify the bubblewrap (bwrap) invocation, which is already used by Claude Code’s sandbox. Using --dev-bind-try ensures graceful handling on systems without GPUs. This is standard practice in sandboxed environments like Flatpak, allowing applications to access the necessary hardware resources safely and efficiently.

Benefits of GPU Passthrough

By enabling GPU passthrough, developers gain several advantages:

• Accelerated Workflows: Run GPU-intensive tasks directly within the sandbox, eliminating the need to move code or data outside the environment.
• Enhanced Productivity: Streamline development cycles by automating tasks such as model training, rendering, and testing.
• Expanded Use Cases: Support a wider array of applications, including machine learning, 3D graphics, video processing, and more.
• Simplified Debugging: Debug GPU-related issues within an isolated and controlled setting.

Alternative Solutions

The primary alternative is to disable sandboxing altogether, which is a less desirable solution for security-conscious developers. While running applications outside the sandbox may allow GPU access, it sacrifices the security and isolation benefits provided by sandboxing.

Prior Art and Technical Considerations

Flatpak provides a strong precedent for this approach. It uses similar bwrap flags to grant access to /dev/dri and other GPU-related devices. The implementation should consider several technical aspects:

• Security: Device access is limited to read/write operations to the GPU, preventing filesystem escape.
• Ordering: The order of arguments in bwrap matters. Device binds should precede --dev /dev to avoid shadowing.
• PCI Sysfs: Some tools might require read-only access to /sys/bus/pci and /sys/devices/pci* for device enumeration.
• Graceful Degradation: The use of --dev-bind-try allows the sandbox to function correctly even without a GPU, preventing errors on systems that lack the necessary hardware.

The Importance of This Feature

This feature is crucial for developers working with GPU-accelerated applications in Claude Code. Without GPU passthrough, developers are forced to choose between security and functionality. Implementing this feature unlocks a wide range of use cases, making Claude Code a more versatile and powerful tool for developers.

Test Cases and Verification

After enabling this feature, the following commands should work correctly within the sandbox:

• rocm-smi --showid (AMD)
• rocminfo (AMD)
• hipconfig --version (AMD)
• clinfo (OpenCL devices)
• nvidia-smi (NVIDIA)
• nvcc --version (CUDA compiler)
• vulkaninfo --summary
• vkcube (Vulkan test cube)
• glxinfo | grep "OpenGL renderer"
• python3 -c "import torch; print(torch.cuda.is_available())" (NVIDIA)
• python3 -c "import torch; print(torch.hip.is_available())" (AMD)

These tests will verify that the GPU is correctly detected and accessible within the sandboxed environment.

For more information on GPU passthrough and sandboxing, you can check out the following resources:

• Bubblewrap Documentation: https://manpages.debian.org/testing/bubblewrap/bwrap.1.en.html - This is the primary tool used by the sandbox, and understanding its capabilities can help you customize your environment.