alt Hacker NewsI do that, too! I use git for version control outside the docker container, and to prevent claude from executing arbitrary code through commit hooks, I attach the docker volume mount in a nested directory of the repository so claude can not touch .git. Are there any other attack vectors that I should watch out for?
Replies
ivankra • last Tuesday at 8:04 AM
Ohh, good point about git hooks as a container escape vector! I probably should add `-v $PWD/.git:$PWD/.git:ro` for that (bind-mount .git as read-only).
I never mount .git to the agent container, but sometimes I will initialize the container with its own internal .git so the agent can preserve its git operations and maintain a change log outside of its memory context.