zlacker

[return to "Monty: A minimal, secure Python interpreter written in Rust for use by AI"]
1. OutOfH+0n[view] [source] 2026-02-06 23:38:04
>>dmpetr+(OP)
It is absurd for any user to use a half baked Python interpreter, also one that will always majorly lag behind CPython in its support. I advise sandboxing CPython instead using OS features.
◧◩
2. simonw+1z[view] [source] 2026-02-07 01:36:23
>>OutOfH+0n
How do I sandbox CPython using OS features?

(Genuine question, I've been trying to find reliable, well documented, robust patterns for doing this for years! I need it across macOS and Linux and ideally Windows too. Preferably without having to run anything as root.)

◧◩◪
3. OutOfH+HG[view] [source] 2026-02-07 03:00:58
>>simonw+1z
Docker and other container runners allow it. https://containers.dev/ allows it too.

https://github.com/microsoft/litebox might somehow allow it too if a tool can be built on top of it, but there is no documentation.

◧◩◪◨
4. simonw+EL[view] [source] 2026-02-07 04:05:39
>>OutOfH+HG
Every time I use Docker as a sandbox people warn me to watch out for "container escapes".

I trust Firecracker more because it was built by AWS specifically to sandbox Lambdas, but it doesn't work on macOS and is pretty fiddly to run on Linux.

◧◩◪◨⬒
5. its-su+5X2[view] [source] 2026-02-07 23:47:22
>>simonw+EL
Outside of VM usage, the answer seems to be (on top of containerization and selinux) writing a tight seccomp filter.

Gleaned from https://github.com/containers/bubblewrap/blob/0c408e156b12dd... and https://github.com/containers/bubblewrap/tree/0c408e156b12dd...

[go to top]