clawdie-ai

History

gavrielc f8aedab97f fix: mount project root read-only to prevent container escape (#392 ) The main group's project root was mounted read-write, allowing the container agent to modify host application code (e.g. dist/container-runner.js) to inject arbitrary mounts on next restart — a full sandbox escape. Fix: mount the project root read-only. Writable paths the agent needs (group folder, IPC, .claude/) are already mounted separately. The agent-runner source is now copied into a per-group writable location so agents can still customize container-side behavior without affecting host code or other groups. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 20:57:57 +02:00
..
global	feat: move to Claude's native memory management	2026-02-09 09:28:25 +02:00
main	fix: mount project root read-only to prevent container escape (#392 )	2026-02-22 20:57:57 +02:00

gavrielc f8aedab97f fix: mount project root read-only to prevent container escape (#392 )

The main group's project root was mounted read-write, allowing the
container agent to modify host application code (e.g. dist/container-runner.js)
to inject arbitrary mounts on next restart — a full sandbox escape.

Fix: mount the project root read-only. Writable paths the agent needs
(group folder, IPC, .claude/) are already mounted separately. The
agent-runner source is now copied into a per-group writable location
so agents can still customize container-side behavior without affecting
host code or other groups.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-22 20:57:57 +02:00

global

feat: move to Claude's native memory management

2026-02-09 09:28:25 +02:00

main

fix: mount project root read-only to prevent container escape (#392 )

2026-02-22 20:57:57 +02:00