by nicolix
5 days ago
On Linux I devised this strategy for letting LLM web UIs or coding agents securely run programs by burying their environment under multiple layers of locally arranged sandboxing. Basically: run as another user -> run inside a firejail sandbox -> run inside a stripped-down Alpine Linux VM with smolvm. See the whole procedure here:
https://www.reddit.com/r/LocalLLaMA/comments/1tm93ng/how_i_d...

P.S. Directories can be easily shared between the sandboxed guest and the host OS.

P.P.S. To stay a bit more on the safe side I also changed the name of the package manager for the guest OS to something else, so that when a coding agent tries to autonomously install external packages it will fail. I've then instructed it to (politely) ask for whatever it needs to be eventually manually installed by me.
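As an added example, not from the comment above or from the linked procedure, here is a small POSIX shell wrapper for the first two layers (a dedicated user, then firejail); the user name agentrun, the directory /srv/agent-work and the particular firejail options are my assumptions, and the smolvm VM layer is not shown.

```shell
#!/bin/sh
# Added example, not from the original comment: a wrapper for the first two
# layers described above (separate user, then firejail). The smolvm VM layer
# and the renamed package manager are not shown.
# Assumed names: a local unprivileged user "agentrun" and a work directory
# /srv/agent-work (owned by that user) that the host shares with the command.
set -eu

SANDBOX_USER="${SANDBOX_USER:-agentrun}"
SANDBOX_DIR="${SANDBOX_DIR:-/srv/agent-work}"

# The firejail policy, one option per line, kept in a function so the exact
# restrictions can be inspected and checked without running anything.
sandbox_args() {
    printf '%s\n' \
        --quiet --noprofile "--private=$SANDBOX_DIR" \
        --net=none --noroot --nonewprivs --caps.drop=all --seccomp \
        --disable-mnt --rlimit-nproc=64 --timeout=00:30:00
}

# Full command line as one space-separated string, for dry runs and logging.
sandbox_cmd() {
    printf 'sudo -u %s -H firejail' "$SANDBOX_USER"
    sandbox_args | while IFS= read -r opt; do printf ' %s' "$opt"; done
    printf ' -- %s\n' "$*"
}

# Preflight: refuse to run if a layer is missing rather than silently
# falling back to an unsandboxed execution.
preflight() {
    command -v firejail >/dev/null 2>&1 || { echo "firejail not installed" >&2; return 1; }
    id -u "$SANDBOX_USER" >/dev/null 2>&1 || { echo "no user $SANDBOX_USER" >&2; return 1; }
    [ -d "$SANDBOX_DIR" ] || { echo "$SANDBOX_DIR missing" >&2; return 1; }
}

# Run the command inside both layers: switch user with sudo, then firejail.
# The option list is split on newlines only, so a work directory containing
# spaces stays one argument; globbing is disabled during the split.
run_sandboxed() {
    preflight
    set -f; IFS='
'; set -- $(sandbox_args) -- "$@"; unset IFS; set +f
    sudo -u "$SANDBOX_USER" -H firejail "$@"
}

# Usage: ./agent-sandbox.sh run <command> [args...]
case "${1:-}" in run) shift; run_sandboxed "$@" ;; esac
```

With --noprofile the default firejail profile is disabled, so every restriction the command gets is the explicit list in sandbox_args; review that list against the program you intend to run before relying on it.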