How I Sandbox My AI Agents

The author describes how they sandbox Opencode, an open-source AI coding agent, at the kernel level with Firejail to restrict its access to the system. This isolates Opencode so that it cannot reach sensitive files such as SSH keys, and only the project directory is whitelisted for it to use. Extensions planned for the future include running Opencode with local LLM models and in an environment with internet access cut off. The approach is worth a look as a practical example of strengthening security and privacy when using AI agents.

https://blog.fidelramos.net/software/how-i-sandbox-ai-agents

#aiagent #sandboxing #firejail #security #opencode

How I Sandbox my AI Agents

I've been using Opencode as my AI coding agent. Very unlike me, I don't have a long list of reasons why I picked it among the many alternatives. I just wanted to get started with an agent system that checked my main requirements: Must be fully open-source. Popular, meaning it's …

blog.fidelramos.net
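A concrete version of the setup the summary above describes (project directory whitelisted, SSH keys unreachable, network optionally cut). This is an added example, not code from the linked post, from Opencode or from the Firejail project; it assumes the agent is invoked as a binary named `opencode` on PATH and that the project directory is passed in by the caller. The profile directives used (`whitelist`, `read-write`, `blacklist`, `private-tmp`, `private-dev`, `nonewprivs`, `noroot`, `caps.drop all`, `seccomp`) and the `--profile=` / `--net=none` flags are standard Firejail options.

```shell
#!/bin/sh
# Added example: a minimal Firejail profile for an AI coding agent.
# Not from the blog post, Opencode or Firejail; binary name "opencode" is assumed.

write_agent_profile() {
    # $1 = project directory to expose read-write, $2 = output profile path
    project="$1"
    out="$2"
    cat > "$out" <<EOF
# Whitelisting one directory makes the rest of \${HOME} invisible inside the
# jail (it appears empty), which is stronger than making files unreadable.
whitelist ${project}
read-write ${project}
# Belt and braces: if a later edit widens the whitelist, keys stay hidden.
blacklist \${HOME}/.ssh
blacklist \${HOME}/.gnupg
blacklist \${HOME}/.aws
# Fresh /tmp and /dev, no privilege escalation, no root, default syscall filter.
private-tmp
private-dev
nonewprivs
noroot
caps.drop all
seccomp
EOF
    # Assumption: most agents also need their own config/cache directories
    # (e.g. \${HOME}/.config/<agent>); add whitelist lines for those as required.
}

# Number of explicitly hidden paths in a generated profile (used as a self-check).
hidden_paths_in_profile() {
    grep -c '^blacklist ' "$1"
}

# Launch a command under the generated profile.
# $1 = project dir, $2 = "net" or "nonet", remaining args = command to run.
run_sandboxed() {
    project="$1"
    netmode="$2"
    shift 2
    command -v firejail >/dev/null 2>&1 || { echo "firejail not installed" >&2; return 127; }
    profile="$(mktemp)"
    write_agent_profile "$project" "$profile"
    netflag=""
    [ "$netmode" = "nonet" ] && netflag="--net=none"
    firejail --quiet --profile="$profile" $netflag "$@"
}

# Sanity check from inside the jail: ~/.ssh must not exist there at all.
verify_keys_hidden() {
    run_sandboxed "$1" nonet sh -c 'test ! -e "$HOME/.ssh"'
}

# Usage (assumed binary name):
#   verify_keys_hidden "$HOME/projects/demo" && run_sandboxed "$HOME/projects/demo" net opencode
```

Run `verify_keys_hidden` once per project before trusting the profile; if it fails, the whitelist has been widened to include the home directory and the blacklist lines are doing all the work.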

@LukefromDC for giggles, I checked in a firejail shell, and /usr/bin/su is owned by nobody.nogroup and only has owner read permissions, so it cannot be exploited via this method.

If you're using #Linux and unfamiliar with #firejail -- give it a look; it's a nice wrapper that can be used for almost any internet-connected app out of the box through a bunch of pre-defined configurations, and anything could be wrapped in it by creating your own custom profile.

It limits what the browser can see on the filesystem, and creates a jail for the program it's used to run.

This is how I use it for librewolf (aka stripped-down firefox):

https://codeberg.org/bobdobberson/tools/src/branch/master/i3-hotkey-firefox#L51-L54

@jloc0

tools/i3-hotkey-firefox at master

tools - tools i've written and use on semi regular bases

Codeberg.org

And as security measures, when it decides to run shell commands, those are sandboxed in #firejail with optionally enabled networking on project setup. It also supports skills (progressive disclosure), has basic filesystem and file editing tools, whiteboard (scratchpad) memory, and agentic tasks running in a separate-context subagent to limit hallucinations.
Locking up Claude Code

One of the problems you quickly notice once you get a little into vibe coding is that AI can get quite curious. I had the case...

linux-nerds.org
Protect Your System: Run Your Browser In Firejail

In today’s digital age, web browsers are our primary gateway to the internet—we use them for banking, shopping, social media, and work. Unfortunately, this makes browsers a top target for cybercriminals. Malicious websites, drive-by downloads, exploited plugins, and tracking scripts can compromise your system, steal data, or turn your device into a botnet. While antivirus software and ad-blockers help, they’re not foolproof. A more robust defense is **sandboxing**—isolating applications from the rest of your system to limit damage if they’re compromised. Enter **Firejail**: a lightweight, open-source sandboxing tool designed to restrict applications (especially browsers) using Linux kernel features like namespaces and seccomp. In this guide, we’ll explore why browsers need special protection, how Firejail works, and how to set it up to secure your daily browsing.

DotLinux.net

https://grapheneos.social/@GrapheneOS/116200213555848065
Graphene has bad things to say about its competitors. What is the Truth?
@postmarketOS
@WeAreFairphone
@linmob

Does GOS' comment have in mind Volla #SailfishOS or UbuntuTouch? I am not a fan of Ubuntu much but love Debian. Volla, however, is just way over-priced for most people outside the EU who can not order it anyway. Maybe GOS rates UbuntuTouch as a low grade product.
But Sailfish makes use of #firejail, which is very comprehensive on the command line level. If an app on GOS is not using Compatibility Mode, then it might be better off than with firejail or at least on par in terms of sandboxing. There are of course other factors.

Mainly, just wanted to make the point of distinguishing hardware projects from software projects here.

How would you rate Postmarket OS' security strategy (on Fairphone, for example)?

Have you ever been locked-out of your own account "for your protection"? 🤦

🔗 https://tech.michaelaltfield.net/2026/02/03/single-site-browser-firejail-proxychains/

This guide 👆 shows how to set up a Persistent, Sandboxed, Single-Site-Browser using #firejail and #proxychains to minimize the risk of Evil-Corp effectively issuing a #DOS attack against you (due to false positives)

#ai #aislop #opsec #infosec #security #privacy

Persistent, Sandboxed, Single-Site Browser (firejail and proxychains) - Michael Altfield's Tech Blog

Or how to avoid getting locked-out of another Google Account This guide will describe how to setup a persistent browser (for Evil Corp) that’s isolated in a sandbox (with firejail) and forced to use a SOCKS5 proxy to retain a static IP address (using proxychains) Have you ever been locked out of your own account, and then got an email from your service provider annoyingly letting you know that they’ve “blocked a login attempt — for your protection?“ There are countless reports of frustrated users who have permanently lost access to their own gmail accounts because of Google’s faulty “fraud protection” systems that locked the account owner out of their own account, due to false-positives. Problem Especially the past 10 years, large corporations have been using machine learning anomaly detection systems on their login pages. Unfortunately, sometimes this is (ab)used to have priority over credential authentication challenges. Even if you enter your username, password, and 2FA credentials correctly on the very first login attempt, you may get locked out of your own account because you “look different” . . . → Read More: Persistent, Sandboxed, Single-Site Browser (firejail and proxychains)

Michael Altfield's Tech Blog
Would you be interested in cooperating to build the next #dangerzone #flatpak #snap #ai/#gpu #rustlang #sandbox (insert-hype-here) based on #sydbox rather than #bubblewrap #firejail #snap-confine #gvisor (insert-sandbox-here)? We have #sydbox the application kernel, pandora the automatic profile writer, and syd-tui as a basic tui frontend using #ratatui, however we lack more practical tooling for wider adoption. Dreams, ideas, plans, all sorts of feedback, and contributions are equally welcome!
Yes, please!
80%
No, go away!
0%
I'll DM or mail [email protected]
0%
I want to see you at RustConf2026
20%
Does anyone know of a project like #firejail, but not written by nutters for nutters? Because it feels like the target audience of this contraption is dudes who don't use software, but only write firejail configs for software, and then sit there pleased, delighted at how they've fenced everything off. I don't want to magically figure out and then manually list ALL the directories a program uses. I just want a pseudo-home, to simply map `~/somefile` to `~/jail/somefile`, not all of this.