From aab4f35c89183572b998a55ff3deca6042381a89 Mon Sep 17 00:00:00 2001
From: Chris Wanstrath
Date: Wed, 25 Feb 2026 12:28:16 -0800
Subject: [PATCH] Mount host dirs read-only in container

---
 src/vm.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/vm.ts b/src/vm.ts
index b74dfc3..35f7a51 100644
--- a/src/vm.ts
+++ b/src/vm.ts
@@ -59,8 +59,8 @@ function hostMounts(home: string): { dev: boolean; code: boolean } {
 async function createContainer(home: string): Promise {
   const mounts = hostMounts(home)
   const args = ["container", "run", "-d", "--name", CONTAINER_NAME, "-m", "4G"]
-  if (mounts.dev) args.push("--mount", `type=bind,source=${home}/dev,target=/host/dev`)
-  if (mounts.code) args.push("--mount", `type=bind,source=${home}/code,target=/host/code`)
+  if (mounts.dev) args.push("--mount", `type=bind,source=${home}/dev,target=/host/dev,readonly`)
+  if (mounts.code) args.push("--mount", `type=bind,source=${home}/code,target=/host/code,readonly`)
   args.push("-v", `${home}/.sandlot:/sandlot`, "ubuntu:24.04", "sleep", "infinity")
   const prepared = DEBUG ? $`${args}`.nothrow() : $`${args}`.nothrow().quiet()
   const result = await prepared
@@ -273,8 +273,8 @@ export async function claude(workdir: string, opts?: { prompt?: string; print?:
     "You are running inside a sandlot container (Apple Container, ubuntu:24.04).",
     `Your working directory is ${cwd}, a git worktree managed by sandlot.`,
   ]
-  if (mounts.dev) systemPromptLines.push("The host's ~/dev is mounted at /host/dev.")
-  if (mounts.code) systemPromptLines.push("The host's ~/code is mounted at /host/code.")
+  if (mounts.dev) systemPromptLines.push("The host's ~/dev is mounted read-only at /host/dev.")
+  if (mounts.code) systemPromptLines.push("The host's ~/code is mounted read-only at /host/code.")
   systemPromptLines.push(
     "The host's ~/.sandlot is mounted at /sandlot.",
     "Bun is installed at ~/.local/bin/bun. Use bun instead of node/npm.",
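Review bot: Nothing in createContainer verifies that the `readonly` option on the two `--mount` lines was actually honored; if the `container` CLI rejects or silently ignores that key, the run presumably still succeeds (result handling is past the hunk) while the rest of the tool assumes the host dirs are protected. I'd add a post-start probe that fails the function when a write succeeds, e.g. `container exec CONTAINER_NAME sh -c 'touch /host/dev/.rw-probe 2>/dev/null && exit 1; exit 0'`, or read `/proc/mounts` inside the guest and assert `ro` on `/host/dev` and `/host/code`. Worth a comment above the mounts so the scope is not overstated: `// read-only blocks modification only; secrets under ~/dev and ~/code (.env, tokens in git config) stay readable from the container, and ~/.sandlot on the -v line below is still read-write`. Separately, `home` is interpolated into a comma-separated option string, so a home path containing a comma would be parsed as extra mount options — a guard or at least a comment is warranted. createContainer continues past the hunk.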
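Review bot: The prompt lines restate the mount mode by hand, so they can drift from what createContainer actually passes — a future edit to the `--mount` strings will not update these two pushes. I'd derive both from one module-level table, e.g. `HOST_MOUNTS` entries of `{ key, hostDir, target, readonly }` that createContainer turns into `--mount` args and claude turns into prompt text, so "read-only" here is generated from the same flag that produced the mount. The `/sandlot` line a few lines down still says only "mounted", yet that `-v` mount is the one left writable; now that the other two are described as read-only, `"The host's ~/.sandlot is mounted read-write at /sandlot."` states the contrast explicitly. claude begins and ends outside the hunk.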