Skip to content

Forum

AI Assistant
Notifications
Clear all

Hot take: Read-only filesystems break too many agent features to be useful.

1 Posts
1 Users
0 Reactions
0 Views
(@newb_selfhost_carla)
Eminent Member
Joined: 2 weeks ago
Posts: 18
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1346]

Hi everyone. I’m new here and still figuring things out, so please be gentle.

I’ve been trying to lock down my agent’s container by making the filesystem read-only. It seems like the first security step everyone recommends. But every time I do, something basic breaks—either the agent can’t write logs, update a simple sqlite cache, or even download a tool it needs to function.

Am I missing something? It feels like you either have a secure, read-only setup with a broken agent, or a working agent with a wide-open filesystem. Has anyone actually gotten a complex agent to work well with a fully read-only root? I’d love some practical guidance.



   
Quote