ATechGuy 4 hours ago

I will ask what I've asked before: how to know what resources to make available to agents and what policies to enforce? The agent behavior is not predefined; it may need access to a number of files & web domains. For example, you said:

> I don't expose entire /etc, just the bare minimum

How is "bare minimum" defined?

> Inspecting the log you can spot which files are needed and bind them as needed.

This requires manual inspection.

senko 3 hours ago

Article author here. I used trial and error - manual inspection it is. This took me a few minutes but I feel more in control of what's being exposed and how. The AI recommended just exposing the entire /etc for example. It's probably okay in my case, but I wanted to go more precise.

On the network access part, I let it fully loose (no restrictions, it can access anything). I might want to tighten that in the future (or at least disallow 192.168/16 and 10/8), for now I'm not very concerned.

So there's levels of how tight you want to set it.

aflag 3 hours ago

Ask the agent to bubblewrap itself