Hacker News
by dloss 656 days ago
Related question: Which software do you recommend to sandbox a locally running AI agent, so that it can only access parts of the filesystem (e.g. one folder) and an allow-list of URLs?
5 comments

What's allowing the AI agent to access files at all in the first place?
People ascribe magical powers to them.
Depends how much patience you have.

Firejail if you want ease of use (there are a lot of ready profiles to be used).

Bubblewrap if you want more security, at the cost of having to do more manual work.

TL;DR Firejail is a blacklist of things, while bubblewrap is a whitelist, so bwrap policies tend to be tighter.

That depends on the profile, firejail supports both.
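As an added example (not from any commenter, and not bubblewrap's own documentation), here is what the allow-list style described above looks like in practice: a bwrap policy that gives a locally running agent one read-write folder, read-only copies of the host's system directories, a private /tmp, and no network namespace at all. The folder name `$WORKDIR`, its mount point `/work`, and the agent command are assumptions; the URL allow-list part of the question is not covered here, since bwrap can only turn the network off or leave it fully on, and per-URL filtering needs a separate proxy.

```shell
#!/bin/sh
# Added example: a bubblewrap allow-list sandbox for a local AI agent.
# Everything not listed below is simply absent inside the sandbox.
# WORKDIR and /work are assumptions; adjust to your layout.

WORKDIR="${WORKDIR:-${HOME:-/tmp}/agent-work}"   # the one folder the agent may write to

# bwrap_args prints the policy one argument per line, so the policy can be
# reviewed (or checked by a script) without bwrap being installed.
bwrap_args() {
    cat <<EOF
--unshare-all
--die-with-parent
--new-session
--ro-bind /usr /usr
--ro-bind /etc /etc
--ro-bind-try /lib /lib
--ro-bind-try /lib64 /lib64
--ro-bind-try /bin /bin
--ro-bind-try /sbin /sbin
--proc /proc
--dev /dev
--tmpfs /tmp
--bind $WORKDIR /work
--chdir /work
--clearenv
--setenv PATH /usr/bin:/bin
--setenv HOME /work
EOF
}

# policy_allows_net reports "yes" or "no" by reading the policy itself:
# --share-net re-enables the network, --unshare-all/--unshare-net remove it.
policy_allows_net() {
    if bwrap_args | grep -qx -- '--share-net'; then
        echo yes
    elif bwrap_args | grep -qxE -- '--unshare-(all|net)'; then
        echo no
    else
        echo yes
    fi
}

# run_sandboxed executes the given command inside the policy above.
# Paths in the policy are assumed to contain no whitespace.
run_sandboxed() {
    command -v bwrap >/dev/null 2>&1 || { echo "bwrap not installed" >&2; return 127; }
    mkdir -p "$WORKDIR"
    # shellcheck disable=SC2046
    bwrap $(bwrap_args) -- "$@"
}

# Usage: sh sandbox.sh python3 agent.py   (agent.py lives in $WORKDIR)
if [ $# -gt 0 ]; then
    run_sandboxed "$@"
fi
```

Because `--unshare-all` drops the network namespace, the agent cannot reach any URL; if it must talk to a small set of hosts, the usual pattern is to keep the network off here and route the agent through an allow-listing proxy that is itself outside the sandbox.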
Chroot or AppArmor+Firejail
What are people using to quickly test new ML models from github in a sandbox?

Do you fire up a docker image? Do you use virtualbox? ...

Why not docker?