zlacker

[parent] [thread] 4 comments
1. ATechG+(OP)[view] [source] 2026-02-04 00:35:08
You can customize curr_dir_access_profile.sb to block access to network/fs/etc. Why is this not enough?
replies(1): >>ashish+E2
2. ashish+E2[view] [source] 2026-02-04 00:52:11
>>ATechG+(OP)
Some tools do require Internet access.

Further, I don't even want to take the risk of running 'npm install markdownlint' anymore on my machine.

replies(1): >>ATechG+Ft
◧◩
3. ATechG+Ft[view] [source] [discussion] 2026-02-04 04:34:12
>>ashish+E2
I understand the concern. However, you can customize the profile (e.g., allowlist) to only allow network access to required domains. Also, looks like your sandboxing solution is Docker based, which uses VMs on a Mac machine, but will not use VMs on a Linux machine (weak security).
replies(1): >>ashish+dy
◧◩◪
4. ashish+dy[view] [source] [discussion] 2026-02-04 05:17:50
>>ATechG+Ft
That's why I wrote my own sandbox. Everyone hand waives these concerns.

Further, I don't know why docker is weak security on Linux. Are you telling me that one can exploit docker?

replies(1): >>KurSix+qX1
◧◩◪◨
5. KurSix+qX1[view] [source] [discussion] 2026-02-04 15:42:06
>>ashish+dy
dockerd is a massive root-privileged daemon just sitting there, waiting for its moment. For local dev it’s often just unnecessary attack surface - one subtle kernel bug or namespace flaw, and it’s "hello, container escape". bwrap is much more honest in that regard: it’s just a syscall with no background processes and zero required privileges. If an agent tries to break out, it has to hit the kernel head-on instead of hunting for holes in a bloated docker API
[go to top]