Comment by aussieguy1234 2 days ago If you're on Linux, you can run AI agents in Firejail to limit access to certain folders/files. 5 comments aussieguy1234 Reply ichiichisan 2 days ago Does it allow access to GPUs and all system resources? That is unfortunately a limitation a lot of these sandboxes often have and you need to run a container or vm to get that. nezhar 2 days ago Looks interesting. How does this compare to a container? subsection1h 2 days ago Containers aren't a sandbox:https://news.ycombinator.com/item?id=46405993 aussieguy1234 2 days ago It uses Linux kernel namespaces instead of chroot (containers are just fancy Liunx chroot) samlinnfer 2 days ago Ackually, “containers” on linux are usually implemented using linux namespaces instead of chroot.
ichiichisan 2 days ago Does it allow access to GPUs and all system resources? That is unfortunately a limitation a lot of these sandboxes often have and you need to run a container or vm to get that.
nezhar 2 days ago Looks interesting. How does this compare to a container? subsection1h 2 days ago Containers aren't a sandbox:https://news.ycombinator.com/item?id=46405993 aussieguy1234 2 days ago It uses Linux kernel namespaces instead of chroot (containers are just fancy Liunx chroot) samlinnfer 2 days ago Ackually, “containers” on linux are usually implemented using linux namespaces instead of chroot.
aussieguy1234 2 days ago It uses Linux kernel namespaces instead of chroot (containers are just fancy Liunx chroot) samlinnfer 2 days ago Ackually, “containers” on linux are usually implemented using linux namespaces instead of chroot.
samlinnfer 2 days ago Ackually, “containers” on linux are usually implemented using linux namespaces instead of chroot.
Does it allow access to GPUs and all system resources? That is unfortunately a limitation a lot of these sandboxes often have and you need to run a container or vm to get that.
Looks interesting. How does this compare to a container?
Containers aren't a sandbox:
https://news.ycombinator.com/item?id=46405993
It uses Linux kernel namespaces instead of chroot (containers are just fancy Liunx chroot)
Ackually, “containers” on linux are usually implemented using linux namespaces instead of chroot.