zlacker

[parent] [thread] 3 comments
1. ATechG+(OP)[view] [source] 2026-02-03 20:05:50
I will ask what I've asked before: how to know what resources to make available to agents and what policies to enforce? The agent behavior is not predefined; it may need access to a number of files & web domains.

For example, you said: > I don't expose entire /etc, just the bare minimum How is "bare minimum" defined?

> Inspecting the log you can spot which files are needed and bind them as needed. This requires manual inspection.

replies(2): >>aflag+w3 >>senko+e8
2. aflag+w3[view] [source] 2026-02-03 20:21:40
>>ATechG+(OP)
Ask the agent to bubblewrap itself
3. senko+e8[view] [source] 2026-02-03 20:45:18
>>ATechG+(OP)
Article author here. I used trial and error - manual inspection it is.

This took me a few minutes but I feel more in control of what's being exposed and how. The AI recommended just exposing the entire /etc for example. It's probably okay in my case, but I wanted to go more precise.

On the network access part, I let it fully loose (no restrictions, it can access anything). I might want to tighten that in the future (or at least disallow 192.168/16 and 10/8), for now I'm not very concerned.

So there's levels of how tight you want to set it.

replies(1): >>ATechG+R9
◧◩
4. ATechG+R9[view] [source] [discussion] 2026-02-03 20:52:32
>>senko+e8
> I feel more in control of what's being exposed and how

Makes complete sense. Thanks for your insights!

[go to top]