defunkt/sandlot
1
0
Fork 0
Code Pull Requests Activity

Mount host dirs read-only in container

Browse Source
This commit is contained in:
Chris Wanstrath 2026-02-25 12:28:16 -08:00
parent 65603df7d2
commit aab4f35c89
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/vm.ts
View File

@ -59,8 +59,8 @@ function hostMounts(home: string): { dev: boolean; code: boolean } {
async function createContainer(home: string): Promise<void> { async function createContainer(home: string): Promise<void> {
const mounts = hostMounts(home) const mounts = hostMounts(home)
const args = ["container", "run", "-d", "--name", CONTAINER_NAME, "-m", "4G"] const args = ["container", "run", "-d", "--name", CONTAINER_NAME, "-m", "4G"]
if (mounts.dev) args.push("--mount", `type=bind,source=${home}/dev,target=/host/dev`) if (mounts.dev) args.push("--mount", `type=bind,source=${home}/dev,target=/host/dev,readonly`)
if (mounts.code) args.push("--mount", `type=bind,source=${home}/code,target=/host/code`) if (mounts.code) args.push("--mount", `type=bind,source=${home}/code,target=/host/code,readonly`)
args.push("-v", `${home}/.sandlot:/sandlot`, "ubuntu:24.04", "sleep", "infinity") args.push("-v", `${home}/.sandlot:/sandlot`, "ubuntu:24.04", "sleep", "infinity")
const prepared = DEBUG ? $`${args}`.nothrow() : $`${args}`.nothrow().quiet() const prepared = DEBUG ? $`${args}`.nothrow() : $`${args}`.nothrow().quiet()
const result = await prepared const result = await prepared
@ -273,8 +273,8 @@ export async function claude(workdir: string, opts?: { prompt?: string; print?:
"You are running inside a sandlot container (Apple Container, ubuntu:24.04).", "You are running inside a sandlot container (Apple Container, ubuntu:24.04).",
`Your working directory is ${cwd}, a git worktree managed by sandlot.`, `Your working directory is ${cwd}, a git worktree managed by sandlot.`,
] ]
if (mounts.dev) systemPromptLines.push("The host's ~/dev is mounted at /host/dev.") if (mounts.dev) systemPromptLines.push("The host's ~/dev is mounted read-only at /host/dev.")
if (mounts.code) systemPromptLines.push("The host's ~/code is mounted at /host/code.") if (mounts.code) systemPromptLines.push("The host's ~/code is mounted read-only at /host/code.")
systemPromptLines.push( systemPromptLines.push(
"The host's ~/.sandlot is mounted at /sandlot.", "The host's ~/.sandlot is mounted at /sandlot.",
"Bun is installed at ~/.local/bin/bun. Use bun instead of node/npm.", "Bun is installed at ~/.local/bin/bun. Use bun instead of node/npm.",