Claude Code devcontainer feature silently overwrites custom /usr/local/bin/init-firewall.sh #38

@NagareNegishi

What happened

The ghcr.io/anthropics/devcontainer-features/claude-code:1.0 feature installs its own init-firewall.sh to /usr/local/bin/init-firewall.sh. Because devcontainer features run after the Dockerfile build, this silently overwrites any user-provided file at the same path. There is no warning, log message, or documentation about this behavior.

Steps to reproduce

  1. Create a .devcontainer/Dockerfile that copies a custom firewall script:
    COPY init-firewall.sh /usr/local/bin/init-firewall.sh
    RUN chmod +x /usr/local/bin/init-firewall.sh
  2. Include the feature in devcontainer.json:
    "features": {
        "ghcr.io/anthropics/devcontainer-features/claude-code:1.0": {}
    }
  3. Build the devcontainer.
  4. Run cat /usr/local/bin/init-firewall.sh inside the container — the content is the feature's script, not the user's.

Why this matters

The Claude Code [devcontainer documentation](https://docs.anthropic.com/en/docs/claude-code/devcontainer) describes init-firewall.sh as a component users should customize for their needs. Users following this guidance will copy and modify the reference init-firewall.sh in their own Dockerfile, only to have it silently replaced by the feature's version every build. Using a different filename works around the issue, but users shouldn't need to discover this through trial and error when the docs encourage modifying this exact file.
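
A check that catches this kind of overwrite, as an added example that is not part of the original issue or the feature's own code. It assumes the Dockerfile also copies the custom script to a second, hypothetical reference path that no feature writes to; the function names and that path are illustrative.

```shell
#!/bin/sh
# Added example. Assumption: the Dockerfile COPYs the custom script twice, once to
# /usr/local/bin/init-firewall.sh and once to a hypothetical reference path that
# no feature writes to, e.g. /usr/local/share/firewall/init-firewall.sh.expected

# Print the SHA-256 of a file with whichever tool the image provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# check_not_overwritten EXPECTED INSTALLED
# Returns 0 if both files have the same content, 1 if they differ,
# 2 if either file is missing.
check_not_overwritten() {
    cno_expected=$1
    cno_installed=$2
    if [ ! -f "$cno_expected" ] || [ ! -f "$cno_installed" ]; then
        echo "firewall check: missing $cno_expected or $cno_installed" >&2
        return 2
    fi
    cno_want=$(sha256_of "$cno_expected")
    cno_have=$(sha256_of "$cno_installed")
    if [ "$cno_want" != "$cno_have" ]; then
        echo "firewall check: $cno_installed was replaced after the Dockerfile build" >&2
        echo "  expected sha256 $cno_want" >&2
        echo "  found    sha256 $cno_have" >&2
        return 1
    fi
    return 0
}

# Demo on constructed files: same content first, then a simulated overwrite.
demo() {
    demo_dir=$(mktemp -d)
    printf '#!/bin/sh\n# user rules (constructed)\n' > "$demo_dir/expected.sh"
    cp "$demo_dir/expected.sh" "$demo_dir/installed.sh"
    demo_before=0; check_not_overwritten "$demo_dir/expected.sh" "$demo_dir/installed.sh" || demo_before=$?
    printf '#!/bin/sh\n# feature rules (constructed)\n' > "$demo_dir/installed.sh"
    demo_after=0; check_not_overwritten "$demo_dir/expected.sh" "$demo_dir/installed.sh" 2>/dev/null || demo_after=$?
    rm -rf "$demo_dir"
    echo "before=$demo_before after=$demo_after"
}
demo
```

In a real container, call check_not_overwritten with the reference copy and /usr/local/bin/init-firewall.sh from a lifecycle command such as postCreateCommand, before the firewall script runs, and stop on a non-zero status.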
