this post was submitted on 24 Jun 2026
770 points (99.6% liked)

Programmer Humor

[–] verstra@programming.dev 11 points 1 day ago (2 children)

Well, these are some kind of lightweight container, no? But without isolating network, or /etc, /proc, /usr, /var or dbus.

I do agree that Linux needs a notion of an "app" (isolated, with access only to its config and files you give it, and a small, well-designed set of APIs for interacting with the system). For coding agents, I think a better answer is development containers, because that would be needed to prevent npm/cargo/python build scripts from causing harm anyway.

[–] jaybone@lemmy.zip 4 points 1 day ago

Does AppArmor kind of do that? I recall recently struggling like fuck to give a torrent daemon app access to some script file I wanted it to run.

[–] KindaABigDyl@programming.dev 3 points 1 day ago

I'm not suggesting containers but rather running binaries natively, just as separate users. No cgroups or overhead. Just normal binary access, just you won't have access to all files (and since everything is a file, "all files" includes hardware as well).