Comment by elpakal

Comment by elpakal 6 days ago

1 reply

View on Hacker News

> Sandboxing: All Cloud Run instances are sandboxed with two layers of sandboxing and can be configured to have minimal IAM permissions via dedicated service identity. In addition, CodeRabbit is leveraging Cloud Run's second generation execution environment, a microVM providing full Linux cgroup functionality. Within each Cloud Run instance, CodeRabbit uses Jailkit to create isolated processes and cgroups to further restrict the privileges of the jailed process.

In case you don't want to read through the PR

0x457 6 days ago

I don't get it, if you're running on linux then just use Landlock LSM inside a VM.

Reply View 0 replies