Hacker News
by DowsingSpoon 259 days ago
I had been planning to explore Lima tonight as a mechanism to shackle CC on macOS.

The trouble with sandbox-exec is that its control over network access is not fine-grained enough, and I found its file system controls insufficient.

Also, I recently had some bad experiences which led me to believe the tool MUST be run with strict CPU and memory resource limits, which is tricky on macOS.

2 comments

Wait, does lima do isolation in a macos context too?

It looks like linux vms, which apple's container-cli (among others) covers at a basic level.

I'd like apple to start providing macOS images that weren't the whole OS.. unless sandbox-exec/libsandbox have affordance for something close enough?

You can basically ask claude/chatgpt to write its jail (dockerfile) and then run that via `container` without installing anything on macos outside the container it builds (IIRC). Even the container-cli will use a container to build your container..

Neat, I've not tried https://github.com/lima-vm/lima
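As an added example (not from any participant in this thread, and not Lima's own template), the sketch below shows what the original poster's plan of a Lima VM with hard CPU/memory caps and a narrowed file-system view looks like as a Lima instance template. The guest image URL, the project path, and the instance name are assumptions chosen for illustration; the keys (`images`, `cpus`, `memory`, `disk`, `mounts`, `provision`, `containerd`) are the ones Lima's templates use. Lima's stock template mounts the whole home directory read-only and `/tmp/lima` read-write; the permissive variant is left in as a comment beside the narrowed one so the difference is visible.

```yaml
# claude-jail.yaml (illustrative; assumptions: image URL, ~/work/project, instance name)
# Guest image: Ubuntu cloud image, as Lima's default template does. The URL is an
# assumption; pick the release/arch you actually want.
images:
- location: "https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-arm64.img"
  arch: "aarch64"

# Hard resource ceilings: these are VM-level limits enforced by the hypervisor,
# which is what the host-side tooling (sandbox-exec, ulimit) does not give you.
cpus: 2
memory: "4GiB"
disk: "20GiB"

# File-system view. Lima's stock template mounts all of "~" read-only plus a
# writable /tmp/lima; for a jail, expose only the directory the tool must edit.
mounts:
# Permissive (default-template style), kept here as a comment for contrast:
# - location: "~"
#   writable: false
# - location: "/tmp/lima"
#   writable: true
- location: "~/work/project"   # assumption: the only tree the agent may write
  writable: true

# Skip the containerd installation Lima would otherwise provision in the guest;
# less software in the jail is less to attack.
containerd:
  system: false
  user: false

# One-shot guest setup. Anything installed here lives in the VM disk, not on macOS.
provision:
- mode: system
  script: |
    #!/bin/bash
    set -eux
    apt-get update
    apt-get install -y git nodejs npm
```

Start it with `limactl start --name claude-jail ./claude-jail.yaml` and enter it with `limactl shell claude-jail`; the tool then runs with the VM's CPU and memory caps, sees only `~/work/project` from the host, and cannot touch anything else on the Mac's file system. Network egress is still whatever the VM's virtual NIC allows, so the OP's fine-grained network concern has to be handled inside the guest (for example with nftables rules in a further `provision` step) rather than by this template alone.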