I run Windsurf in unprivileged podman [0], and only mount what is strictly necessary; I do the same with Claude.

[0] https://github.com/grzegorzk/codeium_windsurf_in_podman