Content pfp
Content
@
0 reply
0 recast
2 reactions

Paul Dowman πŸ”΄βœ¨ pfp
Paul Dowman πŸ”΄βœ¨
@pauldowman.eth
I'm surprised that in 2024 we still run so much random crap unprotected. All dev tools should be sandboxed somehow. IDE plugins, homebrew, every package used by the app you're building, etc, etc., all with full access to your machine. 😱 IHMO dev containers is the best way. It gets a bit awkward when you need docker, but there are solutions (docker-in-docker, etc). https://containers.dev/
2 replies
0 recast
7 reactions

killjoy.eth pfp
killjoy.eth
@killjoy
Yeah this x 100. I am finding it can be a bit painful to work in the container but worth it for the peace of mind. Does docker in docker work well enough in a container? That has its own security compromises but way better than the status quo.
2 replies
0 recast
0 reaction

Paul Dowman πŸ”΄βœ¨ pfp
Paul Dowman πŸ”΄βœ¨
@pauldowman.eth
I've used docker-from-docker, it worked well. It lets docker tools inside the container use the system docker (magically hooks up the socket file to communicate).
1 reply
0 recast
0 reaction

shazow pfp
shazow
@shazow.eth
IIRC if you have write access to the system docker socket, you basically have root access to the host system, no?
1 reply
0 recast
1 reaction