> Inside the sandbox but not on my machine. Show me how it can access an unmounted directory.
replySo it says right on the tin of my favorite distro: 'Warning: Beware that the docker group membership is effectively equivalent to being root! Consider using rootless mode below.' So # docker run super-evil-oci-container with a bind mount or two and your would-be attacker doesn't need to guess your sudo password.
> docker run super-evil-oci-container
reply 1. That super evil OCI container still needs to find a vulnerability in Docker
2. You can run Docker in rootless mode e.g. Orbstack runs without rootThey're suggesting that the attacker is in a position to `docker run`. Any attacker in that position has privesc to root, trivially.
replyRootless mode requires unprivileged user namespaces, disabled on almost any distribution because it's a huge security hole in and of itself.
What's particularly vexing is that there is this agentic sandboxing software called "container-use" and out of the box it requires you to add a user to the docker group because they haven't thought about what that really means and why running docker in that configuration option shouldn't be allowed, but instead they have made it mandatory as a default.
replyI'm not going to code review your sandbox project for you.
reply