With the rise of things like AI agents wanting to run commands on my computer, I wanted a way to let them do that but in a safe environment. `sandbox` is a tool that utilizes built in Linux features like namespaces and OverlayFS to create essentially a container that looks and feels pretty much identical to my host machine, but any changes made are done in a staging area that I can later accept or reject changes from. There's also a crude network on/off toggle so if I'm running something I don't trust not to send data off to malicious actor, I can sandbox it without network access.
While my own use case primarily revolves around letting AI agents run amok in their own sandboxes, it's meant to be general purpose and I could see it being useful for some development tasks like testing file migrations or other file management tasks where you want to snapshot and discard frequently. Another use case I'll be using it for is to vet installing things from whatever trendy shell based installer that expects you to curl pipe a shell script into sudo bash, and in general running things I don't fully trust not to inadvertently mess something up on my computer.
This is the initial public release. I've been using it internally for a couple of months now and I think I have most of the serious issues squashed, but I'm sure there are some issues and many improvements to be made, feedback and bug reports are appreciated.
d3Xt3r•9mo ago
I wonder if this could also be used on immutable distros as a way to make temporary or even semi-permanent changes, like installing a system-level app such as a VPN (I ask because the built-in layering solution on distros like Fedora Atomic isn't ideal).
Assuming there is a use case for immutables, what I don't understand is the "sync" business - if the overlay sits on top of the host and sees the host's files, why does it need to "sync" exactly? So say I have an app installed in the sandbox, and I upgraded the OS to the latest edition—what would be the behaviour in the sandbox, and what's the best solution for that? Like, do I need to even run a sync in the first place, if I rebooted the machine? What does the sync do exactly in this instance? And I'm guessing any changes made inside the sandbox would get overridden? Say the app modified /etc/resolv.conf in the sandbox, would a sync override that file? Would the best solution be to reinstall the app(s) in the sandbox, or delete and recreate the sandbox and then reinstall everything inside? Probably best do this on every boot then I suppose, via a script or something?
anoek•8mo ago
> I wonder if this could also be used on immutable distros as a way to make temporary or even semi-permanent changes
I've used it on my own machine to test upgrades and whatnot, typically it just works, so it might very well be useful for the use case you're thinking of.
> like installing a system-level app such as a VPN
At present there's a flag `--net` which when set to `--net=none` it creates a new networking namespace for the sandbox without doing any additional things to configure the network within the sandbox, so its a simple way to block traffic. I think creating a new namespace but then following it up with setting it up with whatever VPN stuff you wanted would work quite well to create a sandbox that strictly used a particular VPN configuration.
> if the overlay sits on top of the host and sees the host's files, why does it need to "sync" exactly
OverlayFS sometimes caches read results from the "lower" file system, so often it'll just work as you expect, but sometimes reads will be stale. The sync action just flushes all changes to disk and clears the read cache to work around that problem. You definitely don't need to run a sync if you've just rebooted. Additionally any changes made in the upper fs (the sandboxed view) will remain, sync is non destructive in nature.
anoek•9mo ago
While my own use case primarily revolves around letting AI agents run amok in their own sandboxes, it's meant to be general purpose and I could see it being useful for some development tasks like testing file migrations or other file management tasks where you want to snapshot and discard frequently. Another use case I'll be using it for is to vet installing things from whatever trendy shell based installer that expects you to curl pipe a shell script into sudo bash, and in general running things I don't fully trust not to inadvertently mess something up on my computer.
This is the initial public release. I've been using it internally for a couple of months now and I think I have most of the serious issues squashed, but I'm sure there are some issues and many improvements to be made, feedback and bug reports are appreciated.
d3Xt3r•9mo ago
Assuming there is a use case for immutables, what I don't understand is the "sync" business - if the overlay sits on top of the host and sees the host's files, why does it need to "sync" exactly? So say I have an app installed in the sandbox, and I upgraded the OS to the latest edition—what would be the behaviour in the sandbox, and what's the best solution for that? Like, do I need to even run a sync in the first place, if I rebooted the machine? What does the sync do exactly in this instance? And I'm guessing any changes made inside the sandbox would get overridden? Say the app modified /etc/resolv.conf in the sandbox, would a sync override that file? Would the best solution be to reinstall the app(s) in the sandbox, or delete and recreate the sandbox and then reinstall everything inside? Probably best do this on every boot then I suppose, via a script or something?
anoek•8mo ago
I've used it on my own machine to test upgrades and whatnot, typically it just works, so it might very well be useful for the use case you're thinking of.
> like installing a system-level app such as a VPN
At present there's a flag `--net` which when set to `--net=none` it creates a new networking namespace for the sandbox without doing any additional things to configure the network within the sandbox, so its a simple way to block traffic. I think creating a new namespace but then following it up with setting it up with whatever VPN stuff you wanted would work quite well to create a sandbox that strictly used a particular VPN configuration.
> if the overlay sits on top of the host and sees the host's files, why does it need to "sync" exactly
OverlayFS sometimes caches read results from the "lower" file system, so often it'll just work as you expect, but sometimes reads will be stale. The sync action just flushes all changes to disk and clears the read cache to work around that problem. You definitely don't need to run a sync if you've just rebooted. Additionally any changes made in the upper fs (the sandboxed view) will remain, sync is non destructive in nature.