Show HN: Drop – Linux sandboxing for LLM agents and untrusted code

hackernews | 📦 Open source
#linux #llm security #sandboxing #agents #code isolation
Original source: hackernews · Summarized and analyzed at Genesis Park

Summary

A sandboxing tool called 'Drop' has been introduced to help Linux users isolate their working environment while keeping the system secure when running LLM agents or untrusted code locally. It is lighter and more convenient than existing virtual machines or Docker, keeps the user's existing settings and programs as they are, and provides a separate home directory to prevent sensitive files from leaking. This lets you run and manage programs safely without the risk of exposing SSH keys, browser passwords and the like.

Body

Drop allows you to easily create sandboxed environments that isolate executed programs and LLM agents while preserving as many aspects of your work environment as possible. Drop uses your existing distribution, so all the programs you've installed are available in the sandbox. Your username is preserved, and selected configuration files remain readable in the sandbox. The workflow is inspired by Python's virtualenv: create an easily disposable environment, enter it, work normally - but with enforced sandboxing.

To create a new Drop environment you simply:

    alice@zax:~/project$ drop init
    Drop environment created with config at /home/alice/.config/drop/home-alice-project.toml

To start a sandboxed shell in the created environment:

    alice@zax:~/project$ drop run bash

The created environment gets its own writable home dir with selected files and dirs from your original home available in read-only mode. By default the environment has access to your current working directory in read-write mode, with the exception of the .git subdirectory, which is read-only:

    (drop)alice@zax:~/project$ file ~/.bashrc
    /home/alice/.bashrc: ASCII text
    (drop)alice@zax:~/project$ file ~/.ssh
    /home/alice/.ssh: cannot open `/home/alice/.ssh' (No such file or directory)
    (drop)alice@zax:~/project$ echo "evil command" >> ~/.bashrc
    bash: /home/alice/.bashrc: Read-only file system

Drop uses a Linux mount namespace to arrange its own root filesystem, hiding the original host file system:

- /usr, /bin, /sbin, /lib, /etc are bind mounted from the host in read-only mode.
- Fresh /proc, /run, /dev, /sys are mounted.
- Each Drop environment gets its own writable and persistent home dir, /tmp and /var. The original user home dir is hidden.
- By default, new Drop environments are configured to mount the directory in which the environment was initialized in read-write mode, with the exception of the .git subdirectory, which is read-only.
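As an added example (not Drop's own code), the script below checks from inside a sandboxed shell that the mount table matches the layout listed above: it parses /proc/self/mountinfo and reports any of the listed host paths that is missing or not read-only, a sandbox home that is not its own writable mount, and a /proc that is not a fresh proc mount. The expected paths come from the list; the sample mount table, the /srv/drop paths and the /home/alice home are constructed here for illustration.

```python
"""Audit a sandbox's mount table against the layout Drop documents.
Reads /proc/self/mountinfo when available, else uses the constructed SAMPLE."""
import os

EXPECT_RO = ("/usr", "/bin", "/sbin", "/lib", "/etc")  # host bind mounts, read-only

# Constructed sample mountinfo for a sandbox matching the documented defaults.
SAMPLE = "1 0 0:30 / / rw - tmpfs tmpfs rw\n" + "".join(
    f"{i + 2} 1 8:1 {p} {p} ro - ext4 /dev/sda1 rw\n" for i, p in enumerate(EXPECT_RO)
) + """7 1 0:31 / /proc rw - proc proc rw
8 1 8:1 /srv/drop/home /home/alice rw - ext4 /dev/sda1 rw
9 1 8:1 /home/alice/.bashrc /home/alice/.bashrc ro - ext4 /dev/sda1 rw
"""


def parse_mountinfo(text):
    """Map mount point -> (fstype, per-mount options) from mountinfo text.
    Fields: id parent maj:min root mount_point opts [optional...] - fstype src super_opts"""
    mounts = {}
    for line in text.splitlines():
        left, sep, right = line.partition(" - ")
        f = left.split()
        if not sep or len(f) < 6:
            continue
        point = f[4].encode().decode("unicode_escape")  # decode \040 (space) etc.
        mounts[point] = (right.split()[0], set(f[5].split(",")))
    return mounts


def audit(text, home):
    """Return a list of findings; an empty list means the layout matches."""
    m = parse_mountinfo(text)
    out = []
    for p in EXPECT_RO:
        if p not in m:
            out.append(f"{p}: not a separate mount, host path exposed as-is")
        elif "ro" not in m[p][1]:  # per-mount 'ro' is what a read-only bind sets
            out.append(f"{p}: mounted read-write")
    if "rw" not in m.get(home, ("?", set()))[1]:
        out.append(f"{home}: sandbox home is not its own writable mount")
    if m.get("/proc", ("?",))[0] != "proc":
        out.append("/proc: not a fresh proc mount, host process list may leak")
    return out


if __name__ == "__main__":
    path = "/proc/self/mountinfo"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    problems = audit(text, os.path.expanduser("~"))
    print("\n".join(problems) or "mount layout matches the documented defaults")
    raise SystemExit(1 if problems else 0)
```

Run it as `drop run python3 audit_mounts.py` from a project directory; a non-zero exit means at least one documented property does not hold in that environment.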
A TOML configuration file specifies which other dirs and files from the host should be mounted into the sandbox. The default config mounts common configuration files, such as ~/.bashrc, and executable dirs, such as ~/.local/bin, all in read-only mode.

In addition to the filesystem restrictions, the sandbox has:

- its own process and IPC namespaces, so it only sees and can interact with processes from the sandbox.
- its own network namespace which, by default, allows external network access but disallows access to services running on localhost.

Drop requires the passt/pasta package for isolated networking, which is available on most Linux distributions:

    $ sudo apt-get install passt    # Debian/Ubuntu
    $ sudo dnf install passt        # Fedora
    $ sudo pacman -S passt          # Arch

Download a prebuilt binary from GitHub releases and place it in your PATH:

    # Set ARCH to either amd64 or arm64
    ARCH=$(uname -m | sed 's/x86_64/amd64/; s/aarch64/arm64/')
    curl -o drop -L https://github.com/wrr/drop/releases/latest/download/drop-linux-$ARCH
    install -m 755 drop ~/.local/bin/

An alternative to downloading the release binaries is to use the Go compiler (1.24+) to build and install Drop with a single command:

    CGO_ENABLED=0 go install github.com/wrr/drop/cmd/drop@latest

The option CGO_ENABLED=0 produces a statically linked binary and does not require a C compiler, but it is not strictly required. For the Ubuntu 24+ AppArmor config and the Fedora SELinux config, see the distro-specific sections.

The commands to work with Drop are:

- drop - show help
- drop init [ENV_ID] - create a new Drop environment. If ENV_ID is not given, it is derived from the current working directory.
- drop run [-e ENV_ID] [command...] - run a command in a Drop environment, for example drop run -e vault13 ps aux. If command is not given, a shell is started. If -e ENV_ID is not given, it is derived from the current working directory.
- drop ls - list created environments
- drop rm - remove an environment
- drop update --check - check if a new version of Drop is available

By default Drop config files are stored in ~/.config/drop. When drop init is run for the first time, it creates a base.toml config file, which by default is shared by all Drop environments. The created base.toml config exposes several common dotfiles present in your home dir to Drop environments. The config also exposes common environment variables. Review the generated defaults, ensure that no files with secrets are exposed, and expose the config files of other programs that you use.

drop init also creates a tiny, environment-specific config file. This file extends base.toml and allows environment-specific configuration to be added. drop init configures the created environment to have access to the directory in which drop init was run in read-write mode. If the directory contains a .git subdirectory, that subdirectory is configured read-only by default. This can be changed with the --no-cwd flag:

    drop init --no-cwd

The generated files can be edited at any time to remove or add exposed directories, files and network services. Drop is a high level sandboxing tool with min

This analysis was produced by the Genesis Park editorial team using AI. The original can be read via the source link.
