On Linux I devised this strategy for letting LLM web UIs or coding agents securely run programs by burying their environment under multiple layers of locally arranged sandboxing.

Basically: run as another user -> run inside a firejail sandbox -> run inside a stripped-down Alpine Linux VM with smolvm.

See the whole procedure here: https://www.reddit.com/r/LocalLLaMA/comments/1tm93ng/how_i_d...

P.S. Directories can easily be shared between the sandboxed guest and the host OS.

P.P.S. To stay a bit more on the safe side I also changed the name of the package manager for the guest OS to something else, so that when a coding agent tries to autonomously install external packages it will fail. I've then instructed it to (politely) ask for whatever it needs, to be eventually installed manually by me.
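As an added example (not code from the post, firejail or smolvm), a POSIX sh wrapper for the two outer layers described above, a separate user and then firejail, plus a check that a guest root tree exposes no package-manager binary, which is how you would verify the renaming trick held. The account name, shared directory, firejail flag set and the list of package-manager names are assumptions, and the check goes slightly beyond the post by also looking for language package managers; the smolvm VM layer is left out.

```shell
#!/bin/sh
# Added example (not from the original post): wraps the two outer layers
# (separate user, then firejail) and checks that a guest root tree exposes
# no package-manager binary. Account name, share dir, firejail flags and
# the package-manager list are assumptions; the smolvm VM layer is omitted.

AGENT_USER="${AGENT_USER:-agent}"           # assumed unprivileged account
SHARE_DIR="${SHARE_DIR:-/srv/agent-share}"  # assumed host<->guest shared dir

# Firejail options: no network, no root inside the sandbox, no new
# privileges, a fresh private home, the default seccomp filter, and only
# SHARE_DIR visible from the host tree. Kept as one string that is
# word-split on purpose below, so SHARE_DIR must not contain spaces.
FIREJAIL_OPTS="--noprofile --noroot --net=none --nonewprivs --private \
--seccomp --whitelist=$SHARE_DIR"

# Print the full command line so it can be reviewed before it is run.
build_sandbox_cmd() {
    printf '%s\n' "sudo -u $AGENT_USER -- firejail $FIREJAIL_OPTS -- $*"
}

# Execute "$@" as AGENT_USER inside firejail (needs sudo and firejail).
run_sandboxed() {
    # shellcheck disable=SC2086  # intentional word splitting of options
    sudo -u "$AGENT_USER" -- firejail $FIREJAIL_OPTS -- "$@"
}

# List package managers still reachable under a guest root (a mounted or
# extracted image). The post renames the guest's package manager so the
# agent's autonomous installs fail; this verifies nothing was left behind.
exposed_pkg_managers() {
    root="$1"; found=""
    for d in bin sbin usr/bin usr/sbin usr/local/bin; do
        for pm in apk apt apt-get dnf pacman pip pip3 npm; do
            [ -x "$root/$d/$pm" ] && found="$found $pm"
        done
    done
    printf '%s\n' "${found# }"
}

case "${1:-}" in
    --show)  shift; build_sandbox_cmd "$@" ;;
    --run)   shift; run_sandboxed "$@" ;;
    --check) exposed_pkg_managers "${2:?guest root dir}" ;;
esac
```

`./sandbox.sh --check /mnt/guest-root` should print an empty line once the guest's package manager has been renamed; any name it prints is still reachable to the agent.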



Interesting middle ground between full WASM lockdown and a bare environment. Did you end up needing to block anything else beyond the package manager?



