Commit ca40850

add in etc/gitconfig to unshare sandboxing
1 parent e0c906d commit ca40850

2 files changed

Lines changed: 15 additions & 0 deletions

File tree

.devcontainer/claude-sandbox.sh

Lines changed: 9 additions & 0 deletions
@@ -33,6 +33,15 @@ if [ -e /root/.netrc ]; then
3333
mount --bind /dev/null /root/.netrc
3434
fi
3535

36+
# /etc/gitconfig (system scope) on a VS Code dev-container image carries a
37+
# credential.helper that shells out via /tmp/vscode-remote-containers-*.js —
38+
# the same bridge the per-user mask defends against. Bind /dev/null over it
39+
# so Claude sees an empty system config; only the URL-scoped gh/glab helpers
40+
# in /root/.gitconfig remain. The user's regular terminal is unaffected.
41+
if [ -e /etc/gitconfig ]; then
42+
mount --bind /dev/null /etc/gitconfig
43+
fi
44+
3645
# Build a Claude-only /root/.gitconfig containing the in-container
3746
# credential helpers (gh / glab) and HTTPS rewrites — and nothing else
3847
# the user has on the host (no SSH url rewrites, no host-specific
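Review bot: the new `if [ -e /etc/gitconfig ]` block masks exactly one path, so the defense is silently absent for a git built with a different install prefix (the system config is read from `$(prefix)/etc/gitconfig`, not always `/etc/gitconfig`) or for an image that ships the helper somewhere else. Exporting `GIT_CONFIG_NOSYSTEM=1` into the sandboxed environment disables the system scope regardless of where the file lives; keeping the bind mount as well is fine, but the comment block should then describe it as belt-and-braces rather than the only control, and a one-line note that the mount is namespace-local (the host terminal still sees the VS Code helper) would pre-empt the obvious "did it leak?" question.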

README-CLAUDE.md

Lines changed: 6 additions & 0 deletions
@@ -52,6 +52,10 @@ and how to verify the sandbox is intact.
5252
by `dev.containers.copyGitConfig`'s default), so the host's SSH url
5353
rewrites, custom credential helpers, and identity all work normally
5454
outside Claude — but Claude only ever sees the curated config.
55+
`/etc/gitconfig` (system scope) is also masked: VS Code dev-container
56+
images bake a `credential.helper` there that shells out via
57+
`/tmp/vscode-remote-containers-*.js`, so `claude-sandbox.sh` binds
58+
`/dev/null` over it inside the namespace.
5559
- **The "log in to GitHub" popup is closed for Claude.** The user
5660
terminal keeps `git.terminalAuthentication` at its default (true), so
5761
`GIT_ASKPASS` and `VSCODE_GIT_IPC_HANDLE` are injected into terminals
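Review bot: the added sentence says the system config is masked but not when or where that holds. Because the script binds only when the image actually ships `/etc/gitconfig`, the README should say that an image without one needs no mask, and that the bind lives inside the unshare namespace, so `git config --system --get credential.helper` in an ordinary VS Code terminal will still print the `/tmp/vscode-remote-containers-*.js` helper; without that caveat a reader comparing the two terminals will read the difference as a sandbox failure.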
@@ -151,6 +155,8 @@ ls /root/.ssh /root/.gnupg /root/.aws 2>/dev/null # all empty (or missing)
151155
# no host SSH url rewrites or unrelated host helpers.
152156
git config --global --list | grep -E 'credential|insteadof'
153157
mount | grep '/root/.gitconfig' # bind from /etc/claude-gitconfig
158+
git config --system --get credential.helper # should exit non-zero
159+
mount | grep '/etc/gitconfig' # bind from /dev/null
154160

155161
# Should return creds only if `just gh-auth` has been run for this repo.
156162
printf 'protocol=https\nhost=github.com\n\n' | git credential fill
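Review bot: `mount | grep '/etc/gitconfig'` only proves that something is mounted on that path; for a bind of a device node the source column shows the devtmpfs/tmpfs that backs `/dev/null`, never the literal string `/dev/null`, so the `# bind from /dev/null` comment invites a `grep /dev/null` that would come back empty on a correctly masked sandbox. Pair the grep with a content check such as `[ ! -s /etc/gitconfig ] && echo masked` or `findmnt -no SOURCE,FSTYPE /etc/gitconfig`, and state in the `--get credential.helper` comment that the expected status is 1 (key unset), not 128, so a reader does not treat a config-parse error as a pass.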
