
Summaries like this, in your inbox every morning.
Sign up free →AgentJail is a Rust library plus optional control plane that isolates untrusted code in child processes within fresh Linux namespaces, using pivot-root, seccomp filtering, cgroup limits, and optional egress-proxy allowlisting—without requiring a VM, daemon, or setuid helper.
Isolation is enforced via mount/network/IPC/PID namespaces, a 128-bit-random pivot-rooted minimal filesystem, seccomp-BPF syscall blocklists (Standard / Strict modes), and resource limits (memory, CPU, PIDs, disk I/O via cgroup v2). Network mode can be None, Loopback, or Allowlist with DNS rebinding protection.
The core crate (agentjail) is covered by a privileged test suite, but the control plane, TypeScript/Python SDKs, web UI, and gateway are useful but not yet production-hardened. A threat model with regression tests covers 20 attack scenarios including fork bombs, network exfiltration, and namespace escape.
Requires Linux ≥ 5.13, cgroup v2, user namespaces, and Rust 1.85+ (edition 2024). CAP_NET_ADMIN is needed for Allowlist network mode only.
No comments yet. Be the first to share your thoughts!
Log in to join the discussion




Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.
Get Started FreeFree · takes 30 seconds · unsubscribe anytime
1 minute a day. The AI essentials.
200+ sources · Email / LINE / Slack