Comment by jaytaylor

5 hours ago

This is a really neat project .

At my company (StrongDM) we recently open-sourced a tool in this space called Leash: https://github.com/strongdm/leash

By default it runs in docker, and also includes an extra sophisticated macOS-native --darwin mode which goes beyond the capabilities and guarantees of the likes of sandbox-exe, bubblewrap, and in some ways docker. Leash provides visibility into and control over every command and network request attempted by the coder agent. Would appreciate any feedback, and will try to get in touch with the author (Gordon).

Now I'll definitely look into automatically supporting pass-through auth for at least gh cli in Leash - always looking for what folks will find useful.

3 comments

jaytaylor

corv 4 hours ago

Interesting! The sandboxing space definitely deserves more attention.

On the other side of the spectrum, we're working on a lightweight approach that augments user namespaces with libseccomp to filter syscalls via BPF.

https://github.com/corv89/shannot

jaytaylor 1 hour ago
Leash does it via eBPF today. Are you open to a collab?
- corv 1 hour ago
  
  Absolutely. I’ll send you an email