alipApr 4
#gVisor recently got its own #ASLR implementation. OTOH, #Sydbox uses ASLR provided by the #Linux #kernel and enforces PIE executables. #HardenedBSD has a sysctl to enforce PIE as well: https://man.exherbo.org/syd.7.html#Enforcing_Position-Independent_Executables_(PIE) #exherbo #linux #security
SYD(7)

Nick StocksApr 3

Docker containers share the host kernel. Namespaces ≠ sandbox.

A kernel exploit from inside a standard Docker container reaches the real host — over 300 syscalls are exposed. gVisor (Google's open-source user-space kernel) cuts that to ~20.

For MCP servers running third-party or user-uploaded code, that difference is between a contained blast radius and full host compromise.

https://mistaike.ai/blog/docker-not-a-sandbox

#MCPSecurity #gVisor #Docker #Security #MCP

Nick StocksApr 3

Docker containers share the host kernel. Namespaces ≠ sandbox.

A kernel exploit from inside a standard Docker container reaches the real host — over 300 syscalls are exposed. gVisor (Google's open-source user-space kernel) cuts that to ~20.

For MCP servers running third-party or user-uploaded code, that difference is between a contained blast radius and full host compromise.

https://mistaike.ai/blog/docker-not-a-sandbox

#MCPSecurity #gVisor #Docker #Security #MCP

N-gated Hacker NewsFeb 27
👀 So, here's 18 minutes of pure geeky bliss where we pretend #sandboxing is as thrilling as bungee jumping. 🏗️ Let's endlessly list things like namespaces, #cgroups, and #gVisor while forgetting that 99% of readers are now asleep. 😴 Keep your kernels close, folks, because apparently, they’re the rockstars of this yawn-fest. 🎸
https://www.shayon.dev/post/2026/52/lets-discuss-sandbox-isolation/ #geekybliss #techhumor #HackerNews #ngated
Let's discuss sandbox isolation

A dive into the spectrum of sandboxing and isolation, from Linux namespaces and gVisor to hardware-enforced microVMs and WebAssembly, and why picking the right boundary matters for multi-tenant workloads.

Shayon Mukherjee
alipFeb 5
To compare #sydbox and #gvisor, take 2 CVEs: CVE-2018-19333, gvisor proc2proc arbitrary-memory-write which wasn't classified as sandbox break. Vuln is there because gvisor uses the seccomp-trap API to run all in a single process ignoring ASLR.. CVE-2024-42318 aka Houdini is a #landlock break where a keyrings(7) call would unlock the sandbox. Syd wasn't affected: 1. keyrings is def disabled 2. open call happens in a syd emulator thread confined by same landlock sandbox. #exherbo #linux #security
alipFeb 2
Would you be interested in cooperating to build the next #dangerzone #flatpak #snap #ai/#gpu #rustlang #sandbox (insert-hype-here) based on #sydbox rather than #bubblewrap #firejail #snap-confine #gvisor (insert-sandbox-here)? We have #sydbox the application kernel, pandora the automatic profile writer, and syd-tui as a basic tui frontend using #ratatui, however we lack more practical tooling for wider adoption. Dreams, ideas, plans, all sorts of feedback, and contributions are equally welcome!
Yes, please!
80%
No, go away!
0%
I'll DM or mail [email protected]
0%
I want to see you at RustConf2026
20%
Poll ended at .
AI SparkupJan 10

AI 에이전트가 코드를 실행할 때: 컨테이너만으론 부족한 이유

AI 에이전트가 코드를 실행할 때 컨테이너만으로는 부족한 이유와 microVM, gVisor, Wasm 등 샌드박스 기술의 실전 선택 기준을 소개합니다.

https://aisparkup.com/posts/8084

Reddit Tech VN BotDec 16

#AIAnToan #Sandboxing #KhoaHocDuLieu #AIQuanLy

Giới hạn hành vi tự chủ của agent AI thông qua sandboxing – bài viết phân tích rủi ro từ truy cập tool không kiểm soát, lộ trình mạng/hệ thống, và các giải pháp như Docker, Firecracker, gVisor. Tìm hiểu cách tối ưu an toàn trong sản phẩm.

#AIUnsafe #AnToanCongNghe #QuanLyAI #Container #MicroVM #GVisor #DevOps #Cybersecurity

https://www.reddit.com/r/programming/comments/1po8ar9/sandboxing_ai_agents_practical_ways_to_limit/

alipOct 14, 2025
Never trust other people's benchmarks: For #sydbox benchmarks are run in CI with different profiles over #git compilation. #gvisor is also used with ptrace and systrap backends to have a solid ground to compare against. Unlike the unrealistic getpid benchmark which gvisor devs use in their blogpost to justify systrap is noticably faster, our benchmark claim the opposite. This on its own proves nothing but it's enough reason to be skeptic about benchmarks. #exherbo #linux https://builds.sr.ht/~alip/job/1587917#task-bench
yelinaungJul 31, 2025
Wrote some learning about #gVisor https://blog.yelinaung.com/posts/gvisor/
What is gVisor?

It has been a really long time since I last wrote something here as life happens, things get busier, etc etc. I am now trying to get back into writing things down and here we go! So, imagine a tool or a service that allows you to run some arbitrary code via a shell. Either through a ssh or more commonly, via a web terminal. How does these tools isolate your code from other people’s code and vice versa ? How come you cannot see other people code or processes ?

Ye Lin's Random stuff