zlacker

[return to "Sandboxing AI Agents in Linux"]
1. bigwhe+jQ[view] [source] 2026-02-03 21:14:12
>>speckx+(OP)
I use Leash [1] [2] for sandboxing my agents (to great effect!). I've been very happy with it, it provides strict policy-level control for all process-level + network-level activity, as well as full visibility and dynamic runtime controls via WebUI. Way better than bubblewrap imo.

I originally saw it here on HN and have been hooked ever since.

[1] Screenshot: https://camo.githubusercontent.com/99b9e199ffb820c27c4e977f2...

[2] https://github.com/strongdm/leash

Fun fact: Do you know what container / sandboxing system is in most widespread use? Not docker containers, certainly not bubblewrap, and not even full VMs or firecracker. It's Chrome tabs.

◧◩
2. observ+fU[view] [source] 2026-02-03 21:35:30
>>bigwhe+jQ
Using Chrome for anything seems like a security failure of itself. It's got great features, but damn do they come at a cost.
[go to top]