On Mon, Dec 05, 2022 at 10:13:44PM +0000, brian m. carlson wrote: > _However_, I will say that `git status` is not a read-only command > because it can write the index, and we aren't, in general, going to be > able to promise that any portion of Git will work with only O_RDONLY > file descriptors. I suspect such a sandbox is going to result in a > highly broken Git in general, and so it wouldn't be a good idea. I wonder if "git status" might work OK in a sandbox, because it should quietly skip the on-disk index refresh if something fails. That is, it's supposed to work in a read-only repository. As long as the sandbox just returns an error when opening the lockfile (and not, say, killing the process), it would look the same to Git. -Peff
