Comment by nottorp 6 hours ago ... as root? 5 comments nottorp Reply tintor 5 hours ago No root. `pip` and `npm install` don't require it.You can not use `sudo apt install` inside it.They use gVisor, and other container isolation mechanisms: https://ryan.govost.es/2025/openai-code-interpreter/ bandrami 1 hour ago OTOH if you have apt, you have arbitrary shell commands (hooray dpkg-hooks!)Golden years for cybersecurity people zahlman 6 hours ago Given that it's within a container on a remote server, does that matter? acedTrex 5 hours ago I mean i hope its more hardened than JUST a container given how many container escapes there are. jchw 5 hours ago Apparently, they are using gVisor, which when applied properly, should make a pretty good isolation primitive.
tintor 5 hours ago No root. `pip` and `npm install` don't require it.You can not use `sudo apt install` inside it.They use gVisor, and other container isolation mechanisms: https://ryan.govost.es/2025/openai-code-interpreter/ bandrami 1 hour ago OTOH if you have apt, you have arbitrary shell commands (hooray dpkg-hooks!)Golden years for cybersecurity people
bandrami 1 hour ago OTOH if you have apt, you have arbitrary shell commands (hooray dpkg-hooks!)Golden years for cybersecurity people
zahlman 6 hours ago Given that it's within a container on a remote server, does that matter? acedTrex 5 hours ago I mean i hope its more hardened than JUST a container given how many container escapes there are. jchw 5 hours ago Apparently, they are using gVisor, which when applied properly, should make a pretty good isolation primitive.
acedTrex 5 hours ago I mean i hope its more hardened than JUST a container given how many container escapes there are. jchw 5 hours ago Apparently, they are using gVisor, which when applied properly, should make a pretty good isolation primitive.
jchw 5 hours ago Apparently, they are using gVisor, which when applied properly, should make a pretty good isolation primitive.
No root. `pip` and `npm install` don't require it.
You can not use `sudo apt install` inside it.
They use gVisor, and other container isolation mechanisms: https://ryan.govost.es/2025/openai-code-interpreter/
OTOH if you have apt, you have arbitrary shell commands (hooray dpkg-hooks!)
Golden years for cybersecurity people
Given that it's within a container on a remote server, does that matter?
I mean i hope its more hardened than JUST a container given how many container escapes there are.
Apparently, they are using gVisor, which when applied properly, should make a pretty good isolation primitive.