Safe YOLO Mode: Running LLM agents in vms with Libvirt and Virsh

metachris.dev

31 points by metachris a month ago · 10 comments

KaiserPro a month ago

Whilst it is safer to run inside a VM/container, it doesn't make it safe.

Yes, having your entire filesystem deleted is much less likely now (bonus points for ZFS snapshots of the image for each operation). Your context is still vulnerable, as is anything the VM has access to.

  • metachrisOP a month ago

    Good point! Running in isolation does reduce the amount of sensitive things an LLM has access to though, which typically can be quite a lot (SSH keys, Cloud credentials, communication tools, etc.)

dk8996 a month ago

Interesting. I'm looking for a solution to run multiple OpenClaw bots in the cloud, with security and isolation in mind.

  • ews a month ago

    I ended up using guix shells (container mode) for my agents and sharing just the directories they need

nsonha a month ago

The comparison between these and lima makes me think that it's AI generated

  • metachrisOP a month ago

    I've had LLMs assist me in putting together the comparison. I did edit it, and found the comparison good and wanted to keep it. The rest of the post is all hand written and thoroughly manually tested.

xyzsparetimexyz a month ago

Oh my GOD just STOP with the awful kitschy sepia toned slop images for blog posts like these. I can't take it any more!!!

  • metachrisOP a month ago

    Gave your comment a bit more thought and I kind of agree, and removed the image! Thanks for your feedback.

nkko a month ago

For no special reason, besides that I could, I’ve slop-coded this AI agents ephemeral VM orchestrator, which I use inside any agent to manipulate and maintain my coding VMs on Proxmox. Probably it could make sense to simplify it further and move from Proxmox to something like this. Link: https://github.com/nibzard/agentlab
