Do you use devcontainers or a custom-built solution? Would you mind sharing how you do your dev work using containers? I've been looking to try it out, and this attack might be the tipping point to where I actually do that.
Custom. I have a little script: “dev sh” which creates a new container for whatever folder I’m in. The container has full access to that folder, but nothing else. If there’s a .podman/env file, the script uses that to configure things like ports, etc.
From what I saw of devcontainers, they basically grant access to your entire system (.ssh, etc). May be wrong. That’s my recollection, though.
