AIToday

AgentJail: A Rust library for running untrusted code in minimal Linux sandboxes, now in beta.

Hacker NewsApr 28, 20262 min read
AgentJail: A Rust library for running untrusted code in minimal Linux sandboxes, now in beta.

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  1. AgentJail is a Rust library plus optional control plane that isolates untrusted code in child processes within fresh Linux namespaces, using pivot-root, seccomp filtering, cgroup limits, and optional egress-proxy allowlisting—without requiring a VM, daemon, or setuid helper.

  2. Isolation is enforced via mount/network/IPC/PID namespaces, a 128-bit-random pivot-rooted minimal filesystem, seccomp-BPF syscall blocklists (Standard / Strict modes), and resource limits (memory, CPU, PIDs, disk I/O via cgroup v2). Network mode can be None, Loopback, or Allowlist with DNS rebinding protection.

  3. The core crate (agentjail) is covered by a privileged test suite, but the control plane, TypeScript/Python SDKs, web UI, and gateway are useful but not yet production-hardened. A threat model with regression tests covers 20 attack scenarios including fork bombs, network exfiltration, and namespace escape.

  4. Requires Linux ≥ 5.13, cgroup v2, user namespaces, and Rust 1.85+ (edition 2024). CAP_NET_ADMIN is needed for Allowlist network mode only.

Discussion

No comments yet. Be the first to share your thoughts!

Log in to join the discussion

Related Articles

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →