by petcat 82 days ago
I don't use OpenClaw, but I still run my Claude Code and Codex as limited macOS user accounts and just have a script `become-agent <name> [cmd ...]` that does some sudo stuff to run as the limited user so they don't have any of my environment or directory access, or really any system-level admin access at all. They can use and write to their home directories as usual, which makes things easier to configure since those CLI harnesses really like when $HOME is configured and works as expected.

It's a good compromise between running as me and full sandbox-exec. Multi-user Unix-y systems were designed for this kind of stuff decades ago.
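What a `become-agent <name> [cmd ...]` wrapper of the kind described above can look like, as an added example (this is not petcat's actual script). It assumes the agent accounts are named `agent-<name>` and already exist, that their login shell is bash, and that a sudoers rule (sample at the bottom of the file, also an assumption) lets your account switch to them and to nothing else. The `-H` flag is the part that matters for the "$HOME works as expected" point: sudo's default `env_reset` discards the caller's environment, and `-H` then sets HOME to the agent's own home before the login shell reads the agent's `.bash_profile` (which usually sources its `.bashrc`).

```shell
#!/bin/sh
# become-agent: run a command (or an interactive shell) as a dedicated,
# unprivileged agent account. Added example, not petcat's real script.
# Assumptions: accounts are named agent-<name> and already exist
# (sysadminctl/dscl on macOS, useradd on Linux), their login shell is bash,
# and /etc/sudoers.d/become-agent allows the switch (sample rule at the end).
set -eu

# Map an agent name to its account name. Anything that is not a plain
# identifier is rejected, so a name can never turn into a sudo option
# or shell syntax.
agent_user() {
  case "$1" in
    ''|*[!a-z0-9_-]*|-*) return 1 ;;
  esac
  printf 'agent-%s\n' "$1"
}

# Run as the agent. -H sets HOME to the agent's own home; sudo's default
# env_reset drops the rest of the caller's environment (API keys, PATH
# entries into your checkouts, ...). A login shell (bash -l) loads the
# agent's own profile so its PATH and settings apply, and exec "$0" "$@"
# passes the command through with argument boundaries intact. With
# BECOME_AGENT_DRY_RUN set, the argv is printed one element per line
# instead of being executed (useful for inspection and testing).
become_agent() {
  user=$(agent_user "$1") || { echo "become-agent: bad agent name: $1" >&2; return 2; }
  shift
  if [ "$#" -eq 0 ]; then
    set -- sudo -H -u "$user" -i                      # interactive login shell
  else
    set -- sudo -H -u "$user" -- bash -lc 'exec "$0" "$@"' "$@"
  fi
  if [ -n "${BECOME_AGENT_DRY_RUN:-}" ]; then
    printf '%s\n' "$@"
  else
    exec "$@"
  fi
}

# Entry point: `become-agent <name> [cmd ...]`. With no arguments the file
# only defines the functions above.
if [ "$#" -gt 0 ]; then
  become_agent "$@"
fi

# Sample sudoers rule (assumed). Install it with
#   visudo -f /etc/sudoers.d/become-agent
# which syntax-checks it. It lists only the accounts you may become, so the
# wrapper cannot be turned into a path to root:
#   you ALL=(agent-claude, agent-codex) NOPASSWD: ALL
```

Worth checking once after setting this up: `become-agent claude env` prints exactly what the agent inherits. If your `/etc/sudoers` has `env_keep` entries for things like `SSH_AUTH_SOCK`, those survive `env_reset`, and the agent would be able to use your ssh agent; remove them for your account if you don't want that.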


This is why kernel-level sandboxing matters. I use a sandbox named greywall that enforces filesystem/network isolation at the syscall level (Landlock + seccomp + eBPF on Linux, sandbox-exec on macOS).

I do disagree that Unix systems were designed for this kind of stuff. Unix was not designed for an agent to act like you and take decisions for you...

I think it depends on your philosophical approach to agency or personas. Unix groups allowed individuals to share directories with various levels of access. The assumption was those were people. Agents are philosophically people insofar as they exercise agency. They can do things via the file system. They are just non-organic agents. The basic Unix permission system can still work with them.
The entire Von Neumann architecture is not suitable for agents.

Putting data and instructions in the same memory was always a bad idea - LLMs just took this to the extreme by making data and instructions the same thing.

Yes, if/since that user has no access to your Apple ID and keychain...

Not too much harder is using a VM:

With Apple's open-source container tool, you can spin up a Linux container VM in ~100ms. (No Docker root.)

With Apple's Virtualization framework, you can run macOS in a VM (with a separate Apple ID).

> Yes, if/since that user has no access to your Apple ID and keychain...

Right, these are system accounts. They don't have access to anything except their own home folder and whatever I put in their .bashrc. `sudo` is a pretty easy sandbox by itself and lets me manage their home folders, shell, and environment easily just with the typical Unix-isms. No need for mounting VM disks, persisting disk images, etc.

I don't need virtualization to let Claude Code run. I just let it run as a "claude" user.