zlacker

[return to "Monty: A minimal, secure Python interpreter written in Rust for use by AI"]
1. OutOfH+0n[view] [source] 2026-02-06 23:38:04
>>dmpetr+(OP)
It is absurd for any user to use a half baked Python interpreter, also one that will always majorly lag behind CPython in its support. I advise sandboxing CPython instead using OS features.
◧◩
2. simonw+1z[view] [source] 2026-02-07 01:36:23
>>OutOfH+0n
How do I sandbox CPython using OS features?

(Genuine question, I've been trying to find reliable, well documented, robust patterns for doing this for years! I need it across macOS and Linux and ideally Windows too. Preferably without having to run anything as root.)

◧◩◪
3. OutOfH+HG[view] [source] 2026-02-07 03:00:58
>>simonw+1z
Docker and other container runners allow it. https://containers.dev/ allows it too.

https://github.com/microsoft/litebox might somehow allow it too if a tool can be built on top of it, but there is no documentation.

◧◩◪◨
4. simonw+EL[view] [source] 2026-02-07 04:05:39
>>OutOfH+HG
Every time I use Docker as a sandbox people warn me to watch out for "container escapes".

I trust Firecracker more because it was built by AWS specifically to sandbox Lambdas, but it doesn't work on macOS and is pretty fiddly to run on Linux.

◧◩◪◨⬒
5. OutOfH+PA1[view] [source] 2026-02-07 14:59:25
>>simonw+EL
I think ChatGPT can do a much better job than I can for guiding how to safely use Docker as a sandbox: /share/69875282-1e38-8012-b627-7c0a678f9365

It's not industrial-grade safety for public use, but it'll do for personal use. Other tools for it are also mentioned.

[go to top]