
Permissions

Secure Exec checks a per-domain permission policy against every guest syscall, so denied operations are rejected before any host resource is touched. At a glance:

  • Per-domain policy: Each domain (fs, network, childProcess, process, env, tool) is configured independently, and every guest syscall is checked against the policy of the domain it belongs to.
  • Allow, deny, or rules: A domain takes a mode ("allow" or "deny") or a rule set ({ default, rules }) for fine-grained control.
  • Enforced before the host: A denied operation is rejected with EACCES before any host resource (socket, file) is opened.
  • Secure defaults: The network is deny-by-default; filesystem, child processes, process info, and env are enabled so normal programs run.
  • Trusted policy, untrusted subject: The policy is set by the host, but the guest is the subject it binds. A denied domain holds even when guest code actively tries to escape it.

The complete permission scopes, modes, and rule configuration are owned by agentOS.
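The policy shape described above, as an added illustration that is not Secure Exec's own implementation or agentOS's configuration code: each domain carries a mode ("allow" / "deny") or a { default, rules } set, the network is deny-by-default, and a denied call fails with EACCES before the host operation runs. The rule entry shape ({ match, action }), the "prefix*" match syntax, and the helper names (normalizePolicy, decide, guarded, tryConnect) are assumptions made for this example; the page does not specify them.

```javascript
// Illustrative model of a per-domain permission policy (not Secure Exec's code).
// Assumed for this example: rules are { match, action } entries, where `match`
// is an exact string or a prefix ending in "*", and the first match wins.

const DOMAINS = ["fs", "network", "childProcess", "process", "env", "tool"];

// Defaults as the page states them: network deny-by-default, the rest enabled.
const DEFAULT_POLICY = {
  fs: "allow",
  network: "deny",
  childProcess: "allow",
  process: "allow",
  env: "allow",
  tool: "allow",
};

// Validate a host-supplied policy. Unknown domains are rejected so a typo
// cannot silently leave a domain at its default.
function normalizePolicy(policy) {
  const out = { ...DEFAULT_POLICY };
  for (const [domain, value] of Object.entries(policy)) {
    if (!DOMAINS.includes(domain)) throw new Error(`unknown domain: ${domain}`);
    if (value === "allow" || value === "deny") {
      out[domain] = value;
      continue;
    }
    const validRuleSet =
      value && typeof value === "object" &&
      (value.default === "allow" || value.default === "deny") &&
      Array.isArray(value.rules);
    if (!validRuleSet) throw new Error(`invalid policy for domain ${domain}`);
    out[domain] = { default: value.default, rules: value.rules };
  }
  return out;
}

// Assumed match syntax: exact string, or a prefix ending in "*".
function matches(pattern, target) {
  if (pattern.endsWith("*")) return target.startsWith(pattern.slice(0, -1));
  return pattern === target;
}

// Decide one guest syscall. `target` is the operand (path, host:port, program).
// First matching rule wins; otherwise the domain's default applies.
function decide(policy, domain, target) {
  const entry = policy[domain];
  if (typeof entry === "string") return entry;
  for (const rule of entry.rules) {
    if (matches(rule.match, target)) return rule.action;
  }
  return entry.default;
}

// The check runs before the host operation: a denied call never reaches hostOp.
function guarded(policy, domain, target, hostOp) {
  if (decide(policy, domain, target) !== "allow") {
    const err = new Error(`${domain}: ${target}: permission denied`);
    err.code = "EACCES";
    throw err;
  }
  return hostOp();
}

// Constructed host-side policy: one allowed endpoint, two denied path patterns.
const policy = normalizePolicy({
  network: { default: "deny", rules: [{ match: "api.example.com:443", action: "allow" }] },
  fs: {
    default: "allow",
    rules: [
      { match: "/etc/shadow", action: "deny" },
      { match: "/run/secrets/*", action: "deny" },
    ],
  },
});

// Simulated guest connect: records whether the host "socket" was ever opened.
function tryConnect(hostPort) {
  let opened = false;
  try {
    guarded(policy, "network", hostPort, () => { opened = true; return "connected"; });
    return { result: "connected", opened };
  } catch (e) {
    return { result: e.code, opened };
  }
}

console.log(tryConnect("evil.example.net:80"));   // { result: 'EACCES', opened: false }
console.log(tryConnect("api.example.com:443"));   // { result: 'connected', opened: true }
```

The point to notice is in `guarded`: the decision is taken from the host-side policy object, not from anything the guest can supply, and the host operation closure is only invoked on "allow", so a denied domain cannot be escaped by guest code racing or retrying the call.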