@linuxuserspace

Bubblejail:
https://github.com/igo95862/bubblejail (COPR for Fedora)

Fortify:
https://git.gensokyo.uk/security/fortify (installed with nix and home-manager, so best on NixOS)

Crabjail:
https://codeberg.org/crabjail

nsjail:
https://nsjail.dev

More:
https://codeberg.org/crabjail/crabjail#related-projects

All these sandbox normal system binaries. And there are many more sandboxing tools out there.

#Linux #Security #Sandboxing #Flatpak #Snap

2/2

GitHub - igo95862/bubblejail: Bubblewrap based sandboxing for desktop applications

@linuxuserspace

Pretty late, but a comment on the #Snap and #Flatpak episodes:

My Flatpaks take up 30 GB of space, after deduplication. A ton of outdated runtimes (badly maintained packages) and random stuff like #mpv or #ffmpeg shipped with apps instead of as a runtime extension are issues.

And no, you don't need to have an entire #distribution for #sandboxing. You can use #bubblejail and other new tools like #crabjail or #fortify.

For Flatpak and Snap, cross-compatibility is the first priority.

1/2

@bohwaz @punkfairie @ajsadauskas @JessTheUnstill @tomiahonen That's exactly the problem, cuz #KaiOS nee #FirefoxOS was a good and solid basis not just for #LowEnd-Devices but could've been excellent for a more #secure mobile OS, as it has good potential for #sandboxing and #KISS-principle'd #Apps that are lean and efficient.

But then again when enthusiasts like @fuchsiii and I were shouting "#ShutUpAndTakeMyMoney!" to #Mozilla, they basically refused to sell any #device, and then we get the "#PSvita-Effect":

Why the Vita Failed - PlayStation's Lost Gamble - Extra Credits
Ah yes, another ✨MAGICAL✨ tool promising to sandbox your Linux processes without ever touching root or containers! Because who doesn’t want their security solution to sound like a knock-off name from a failed Jurassic Park sequel? 🦖🔒
https://github.com/Zouuup/landrun #magicaltool #linuxsecurity #sandboxing #securitysolutions #jurassicparksequel #HackerNews #ngated
GitHub - Zouuup/landrun: Run any Linux process in a secure, unprivileged sandbox using Landlock. Think firejail, but lightweight, user-friendly, and baked into the kernel.

I've seen #AppArmor used primarily to *harden* the security of an existing program. Is it also reasonable to use it to *sandbox* known-malicious code? Or are other methods required?

(I assume you also want ulimit or similar on the side, but that's to prevent resource consumption attacks rather than sandbox escapes.)

#Linux #sandboxing

And, of course: start taking #security seriously!

Your #Android and #Flatpak apps should not exist if they have broken #sandboxing.

Set priorities, and communicate them. You literally made #Rust, but never advertise when you use it.

Take the tech youtuber bubble as a vector: just make something that is cool and you get the advertising for free. Pay a few podcasters, done.

@libreoffice

Btw #Libreoffice is really great, and the #Flatpak works really well.

But do you know about all the integrations that rely on interactions between programs, like #Kleopatra, #Zotero, #OLLama and many more?

Those may be currently broken, not sure. Zotero especially doesn't even have distro packages, so using the Flatpak makes a lot of sense.

#sandboxing #bubblewrap #ipc #portals #linux #security

@opensuse

Do you plan on doing more #SELinux hardening than #Fedora does?

Because as it is, SELinux on Fedora just makes #run0 a pain to use, while user processes are all unconfined, making it pretty pointless.

Or do you plan on making it user friendly?

There are many issues with #Flatpak that should be addressed. Alternatively, #UID #Sandboxing using #SimpleSandbox and SELinux could be used, which is way simpler and more secure, but relies on native packages.

https://wiki.gentoo.org/wiki/Simple_sandbox

Simple sandbox - Gentoo wiki

#Syd is a rock-solid application #kernel to sandbox applications on Linux>=5.19. Syd is similar to Bubblewrap, Firejail, GVisor, and minijail. As an application kernel it implements a subset of the Linux kernel interface in user space, intercepting system calls to provide strong isolation without the overhead of full virtualization. Syd is secure by default, and intends to provide a simple interface over various intricate #Linux #sandboxing mechanisms such as LandLock, Namespaces, Ptrace, and Seccomp-{BPF,Notify} https://gitlab.exherbo.org/sydbox/sydbox
Sydbox / sydbox · GitLab
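Since the Syd description above lists Seccomp-BPF among the kernel mechanisms it wraps, here is a minimal stand-alone seccomp-BPF sandbox in C. This is an added example written for this page, not code from Syd, Bubblejail, landrun or any other project mentioned in these posts. It assumes x86_64 or aarch64 (the AUDIT_ARCH_* check and the __NR_* numbers are per-architecture), glibc, and a kernel built with CONFIG_SECCOMP_FILTER; the two workloads and the SANDBOX_* result codes are constructed for the demonstration.

```c
// Added example (not from Syd or any linked project): a minimal seccomp-BPF
// sandbox. A child process installs a syscall filter that kills it on
// socket() or ptrace(), then runs a workload; the parent reports how the
// child ended. Assumes x86_64 or aarch64 and glibc.
#define _GNU_SOURCE
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS /* older UAPI headers only know the thread-killing action */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Constructed result codes returned by run_sandboxed(). */
enum {
    SANDBOX_EXITED_OK = 0,     /* workload ran to completion under the filter */
    SANDBOX_KILLED_SIGSYS = 1, /* the filter killed the child on a denied syscall */
    SANDBOX_UNAVAILABLE = 2,   /* kernel or environment refused the filter */
    SANDBOX_ERROR = 3          /* fork/wait failure or the workload reported an error */
};

/* Install a deny-list filter in the calling process. Returns 0 on success. */
static int install_filter(void)
{
    struct sock_filter filter[] = {
        /* Kill if the syscall ABI is not the one the __NR_* numbers below belong to. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* Load the syscall number; deny network endpoint creation and ptrace. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ptrace, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    };
    struct sock_fprog prog = {
        .len = sizeof(filter) / sizeof(filter[0]),
        .filter = filter,
    };
    /* The kernel requires no_new_privs before an unprivileged process may
       install a filter, so a filter chosen by the caller cannot be used to
       manipulate a later execve of a setuid binary. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Fork, confine the child with the filter, run the workload there and
   classify how the child ended. The parent stays unconfined. */
static int run_sandboxed(int (*workload)(void))
{
    pid_t pid = fork();
    if (pid < 0)
        return SANDBOX_ERROR;
    if (pid == 0) {
        if (install_filter() != 0)
            _exit(100);
        _exit(workload() == 0 ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return SANDBOX_ERROR;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS)
        return SANDBOX_KILLED_SIGSYS;
    if (WIFEXITED(status)) {
        if (WEXITSTATUS(status) == 0)
            return SANDBOX_EXITED_OK;
        if (WEXITSTATUS(status) == 100)
            return SANDBOX_UNAVAILABLE;
    }
    return SANDBOX_ERROR;
}

/* Constructed workloads: pure computation is allowed, opening a socket is not. */
static int workload_compute(void)
{
    volatile unsigned sum = 0;
    for (unsigned i = 1; i <= 1000; i++)
        sum += i;
    return sum == 500500 ? 0 : 1;
}

static int workload_socket(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0); /* denied: the child is killed here */
    if (fd >= 0)
        close(fd);
    return 0;
}

int main(void)
{
    printf("compute workload -> %d (0 = ran under the filter)\n", run_sandboxed(workload_compute));
    printf("socket workload  -> %d (1 = killed by SIGSYS)\n", run_sandboxed(workload_socket));
    return 0;
}
```

Two things a real sandbox does differently from this sketch: it allow-lists the handful of syscalls the workload needs instead of deny-listing two, because any syscall not named here (including newer ones the kernel adds later) stays reachable; and it combines the filter with the other layers the Syd post lists (namespaces for the filesystem and network view, Landlock for path-level access), since seccomp alone says nothing about which files the confined process may open.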