Hacker News
by
creata
65 days ago
The part that worries me here is the diff. Does it happen in the host or in the guest? What code gets run when you run `yoloai diff`?
kstenerud
65 days ago
It actually runs git (with hooks disabled) to generate the diff. It happens on the host when using copy mode, and inside the sandbox when using overlay mode.
The above example doesn't specify workdir mounting mode, so it would be copy, not overlay.
creata
65 days ago
If it runs inside the sandbox and the guest is compromised, can't the guest just lie?
kstenerud
65 days ago
Absolutely. That's why overlay is not the default.
creata
65 days ago
That's... uh, an interesting approach to security.
kstenerud
65 days ago
What is? Defaulting to the most secure method?