top | item 46430706

(no title)

Porygon | 2 months ago

I do that, too! I use git for version control outside the docker container, and to prevent claude from executing arbitrary code through commit hooks, I attach the docker volume mount in a nested directory of the repository so claude can not touch .git. Are there any other attack vectors that I should watch out for?

discuss

throw-12-16|2 months ago

I never mount .git to the agent container, but sometimes I will initialize the container with its own internal .git so the agent can preserve its git operations and maintain a change log outside of its memory context.

ivankra|2 months ago

Ohh, good point about git hooks as a container escape vector! I probably should add `-v $PWD/.git:$PWD/.git:ro` for that (bind-mount .git as read-only).