mtlynch 17 hours ago
Thanks for sharing this! I've been experimenting with something similar. It would be helpful if the README explained how this works so users understand what they're trusting to protect them. I think it's worth noting that the trust boundary is a Docker container, so there's still a risk of container escape if the agent exploits (or is tricked into exploiting) a kernel vulnerability. Have you looked into rootless Podman? I'm using rootless + slirp4netns so I can minimize privileges to the container and prevent it from accessing anything on my local network. I'd like to take this a step further and use Podman machines, so there's no shared kernel, but I haven't been able to get volume mounting to work in that scenario.
Finbarr 17 hours ago
Good feedback, thank you. We expanded the README: https://github.com/finbarr/yolobox/commit/ad776012f82f9d67e1...