pancake Mar 23
TIL Docker v4.58+ have the `sandbox` subcommand to run commands with restricted filesystem access, ideal for running coding agents in yolo mode (or any other software you can't trust like ghidra or ida)
Show threadpancake Mar 23
Jk. Docker sandbox only works for real programs. Aka the ones that run in a tty
Show threadbuherator
@pancake How about X11 socket sharing? :)
https://github.com/v-p-b/binaryninja-docker
GitHub - v-p-b/binaryninja-docker: Run Binary Ninja GUI with Docker

Run Binary Ninja GUI with Docker. Contribute to v-p-b/binaryninja-docker development by creating an account on GitHub.

GitHub
Mar 23 at 2:31pmWeb
Show threadpancake Mar 24
@buherator yep that works but the x11 protocol opens the door to a large set of vulnerabilities. And afaik “docker sandbox” doesnt supports this, you’ll need to cook some docker run oneliners instead