
The easy way to do this is to create a worktree and then just run it in some form of sandbox - e.g. a Docker container.

In the worktree there is no .git directory, just a .git file which has a single line: "gitdir: <path to gitdir>".

If your sandbox doesn't have access to the gitdir, you're golden.



What if the sandbox needs access to the history? Imagine asking for help bisecting something, for example


Then you'll probably want a clone, which will cost more space. Just remember to remove the remotes.

You could always use an overlayFS with the main (non-worktree) repo as the lowerdir (and then remove the remotes in the overlayFS), but that relies on you not trying to keep working on the git repo at the same time.


Or if I want the sandbox to be able to create commits, which is extremely useful.


Mount the parent read-only.



