cowsandmilk 3 hours ago

If you’re already running codex as a different user to limit its file permissions, why would you add it to the docker group?

lelandfe 3 hours ago

A good but altogether separate note from the point I’m making: this lack of access is seen as an obstacle to overcome, and other means of access will be tried if available.

It’s a different mental model than a first party solution to “ignore” files.

TheDong 2 hours ago

Weirdly, the existing first party solutions around denying commands don't seem to help here.

Often enough, when one of the agents prompts for running "sudo", and I reject it, it will do what looks very much like malicious exploration to figure out how to handle things anyway, including once hijacking a separate shell's pty where I did have a valid sudo session already in order to execute some commands.

We don't yet have the capability to make these models behave in a consistent, deterministic, or safe manner yet, so a first party solution isn't even necessarily that much better. Especially if it gives a false sense of security.

jen20 3 hours ago

Lack of knowledge and the desire to have it run containers for things.