Hi -
I'm excited about this tool, but having some start up issues.
I managed to install it, then did the apt install of socat. (bwrap was already present).
I then needed to add an apparmor config file:
abi <abi/4.0>,
include <tunables/global>
profile bwrap /usr/bin/bwrap flags=(unconfined) {
userns,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/bwrap>
}
Once this was done, fence works with ls (fence -m ls, fence -- ls, and fence ls all work).
However, using this with the copilot cli (any of the above options) flashes the terminal and returns in about a second.
I've checked and the /tmp/fence directory exists, as does a /tmp/fence-seccomp directory with several .bpf files. These to be a binary format.
Info:
➜ copilot --version
GitHub Copilot CLI 1.0.15.
➜ fence --version
fence - lightweight, container-free sandbox for running untrusted commands
Version: 0.1.40
Built: 2026-03-31T21:31:24Z
Commit: d5bce6adfaa35f96d401f290f59cfe24de617031
thanks for any help you can provide! This looks like a really interesting and useful project!
Hi -
I'm excited about this tool, but having some start up issues.
I managed to install it, then did the apt install of socat. (bwrap was already present).
I then needed to add an apparmor config file:
Once this was done, fence works with
ls(fence -m ls,fence -- ls, andfence lsall work).However, using this with the copilot cli (any of the above options) flashes the terminal and returns in about a second.
I've checked and the
/tmp/fencedirectory exists, as does a/tmp/fence-seccompdirectory with several.bpffiles. These to be a binary format.Info:
thanks for any help you can provide! This looks like a really interesting and useful project!