There is a separation of concern:
Agent can access its own secret (api key) but does not have egress outside a restrict api pool.
Sidecar can access its own secret but can only reach registries
Nested containers have open egress. But cannot access secrets from sidecar and agent containers.
2/2
Yes the agent container itself by default has a deny-all/allow-some, it can obviously reach api endpoints for the service. That is also configurable too.
1/2
So, right now agent itself has only access to api endpoints. Nested containers have open egress, but they don't have access to any secret. You can have a deny-all network for nested containers too, network is fully customizable from outside the sandbox
Happy to announce my new project: Clampdown!
Run AI coding agents in hardened container sandboxes, with Landlock FS isolation, iptables egress control, and more.
Keep your project tidy and your host safe!
github.com/89luca89/cla...
#linux #ai #agent #security
The recording of my #fosdem talk is now available!
fosdem.org/2026/schedul...
#linux #filesystem #xfs #reproducible #builds
But you are too!
Excited to announce I'll be speaking at FOSDEM 2026!
I'll be in the Kernel devroom talking about reproducible XFS filesystems — how to populate images directly from a directory tree at creation time, no mounting required.
fosdem.org/2026/schedul...
#FOSDEM #FOSDEM2026 #XFS #Linux #Kernel
Distrobox 1.8.2.0 released! Tons of fixes and polish, new distros, 20 new contributors & a new co-maintainer @dottorblaster #linux #containers #distrobox #opensource
Check it out: github.com/89luca89/dis...
Hi all
due to problems with the Telegram account I have to create a new group for #Distrobox
The matrix group remains unchanged, and it will be bridged with the telegram one.
I urge you to *leave the old group* and join the new one:
t.me/distrobox_chat_new
DistroShelf la gestione di Distrobox da GUI in Linux
DistroShelf è una soluzione pratica per gestire container Linux senza la complessità di configurazioni avanzate
Hi! In case you missed, my #FOSDEM talk about creating a #rootless #container manager from scratch is available!
We'll talk about the basic principles to build your own container manager, using #lilipod as an example project:
fosdem.org/2025/schedul...
#opensource #linux #container #distrobox
Beta version of Red Hat Enterprise Linux 10 (RHEL10) running inside of Podman with Distrobox on a Fedora Linux 41 system.
When you've installed subscription-manager on the base (in this case Fedora) system and activated the system, then the entire RHEL […]
[Original post on burningboard.net]
#nvidia hotfix release for #distrobox 1.8.1.2:
init: improve #nvidia symlinks resolution. Fix #1668
init: mask systemd-resolved in case we use host's network
Thanks everyone for reporting problems!
github.com/89luca89/dis...
#podman #docker #linux #opensource #containers
Hot bugfix #distrobox #release!
improve nvidia file integration, adopt a more solid approach from: github.com/NVIDIA/nvidi...
solve a problem with distrobox-export
github.com/89luca89/dis...
Hi All!
New release of #distrobox is on the way!
1.8.1 brings lots of improvements and refinements all over the place, in pkg manager handling, nvidia integration and in performance department! 💪
Also many many new contributors! 🎉
Check it out! github.com/89luca89/dis...
And for the ones using #Distrobox on #Aeondesktop or #Bluefin (or anywhere else), here's a small new year gift:
github.com/nunix/config...
@89luca89.bsky.social @castrojo.bsky.social assemble 😇
The appsvenger Corsair 🏴☠️
Adapting to Atomic systems like Aeon? Explore how #Distrobox can transform your development workflow. #openSUSE #DevOps #Containers youtu.be/24F3uFMrDtE?...
