Use unshare by default in linux to protect access

[3v1n0]

Describe the feature or problem you'd like to solve

The tool should never have any kind of write access to places the users have not ack'ed for

Proposed solution

I'm currently running copilot using bubblewrap to ensure it only works where I want via:

bwrap --ro-bind / / \
      --bind "$PWD" "$PWD" \
      --bind /tmp /tmp \
      --bind "$HOME/.copilot" "$HOME/.copilot" \
      --dev /dev \
      --proc /proc \
      --unshare-all \
      copilot

This is something that the tool should do by default

Example prompts or workflows

No response

Additional context

No response

[doggy8088]

When using GitHub Copilot CLI v1.0.9, I encountered the error: bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted. It seems a bug. I can only run with --yolo to bypass this error.