> Don't just rawdog a coding agent because a perfectly viable solution (containers) takes an hour or two of work to set up.
Setting up a separate unprivileged Linux user account takes all of like a minute. Assuming that the $HOME for your daily-driver account isn't world-readable, [0] that gets you the majority of the isolation that containerization provides and doesn't expose you to any bugs in the containerization management daemon (or the containerization code, itself) that may still be present even after all these years.
These things are usually TUIs or CLIs, so you don't need to bother with giving them xauth access or whatever the Wayland equivalents for that are.
[0] If it is, you might consider fixing that immediately.
> "Create a new user account" is much better advice than "don't use a container".
That wasn't exactly what PunchyHamster was saying. PH was saying that putting an untrusted workload in a container doesn't prevent it from scanning (and attacking) your network... so your IP network security is just as bad when that untrusted workload is containerized as when it's not. Containers/sandboxes can provide filesystem segmentation (except when they don't! [0]), but the way they're typically used, they provide zero network segmentation.
I mention in my comment here [1] that it's useful for whatever isolation mechanism you use (even if it's "just" 'a separate minimally-privileged user') to ensure that programs its spawns are on separate VLANs that your router prevents from talking to anywhere other than the Internet.
Setting up a separate unprivileged Linux user account takes all of like a minute. Assuming that the $HOME for your daily-driver account isn't world-readable, [0] that gets you the majority of the isolation that containerization provides and doesn't expose you to any bugs in the containerization management daemon (or the containerization code, itself) that may still be present even after all these years.
These things are usually TUIs or CLIs, so you don't need to bother with giving them xauth access or whatever the Wayland equivalents for that are.
[0] If it is, you might consider fixing that immediately.