logoalt Hacker News

AlexCoventryyesterday at 7:47 PM3 repliesview on HN

Run coding agents in a docker container with limited permissions. FWIW, I run it with

  --cap-drop=ALL
  --pids-limit=4096
  --runtime=runsc

Replies

chrisweeklyyesterday at 8:01 PM

Or put it in a microvm using eg smolmachines.

show 2 replies
flexagoonyesterday at 8:51 PM

If you're on Linux, you can also easily run it in bwrap to properly sandbox without running a full container

worikyesterday at 9:58 PM

I run mine on their own machine, without root access.

Currently a Raspberry Pi 5

I am very pleased with it.

My Idiot Savant Pet