zlacker
[return to "Sandboxing AI Agents in Linux"]
◧
1. ashish+Qf1
[view]
[source]
2026-02-03 23:33:08
>>speckx+(OP)
I ended up writing my own sandbox so that it works on Mac OS as well and can be used for other tools (but just AI agents) as well
https://github.com/ashishb/amazing-sandbox
◧◩
2. ATechG+6h1
[view]
[source]
2026-02-03 23:39:01
>>ashish+Qf1
Curious to know what made you DIY this?
◧◩◪
3. ashish+Ih1
[view]
[source]
2026-02-03 23:40:53
>>ATechG+6h1
Tell me a better alternative that allows me to run, say, 'markdown lint', an npm package, on the current directory without giving access to the full system on Mac OS?
◧◩◪◨
4. ATechG+fj1
[view]
[source]
2026-02-03 23:50:10
>>ashish+Ih1
sandbox-exec -f curr_dir_access_profile.sb markdownlint
◧◩◪◨⬒
5. ashish+fl1
[view]
[source]
2026-02-04 00:00:21
>>ATechG+fj1
So you have to install npm package markdownlint on your machine and let it run it's potentially dangerous postinstall step?
◧◩◪◨⬒⬓
6. ATechG+2r1
[view]
[source]
2026-02-04 00:35:08
>>ashish+fl1
You can customize curr_dir_access_profile.sb to block access to network/fs/etc. Why is this not enough?
[go to top]