Hermes
9459839d74
Remove ai-worker from docker group and enforce sudo whitelist. SECURITY: Being in the docker group gives unrestricted access to the Docker daemon socket (/var/run/docker.sock), allowing any docker command: docker exec, docker cp, docker run -v /:/host, docker commit, etc. Changes: - Remove extraGroups = ["docker"] from ai-worker user definition - Add comprehensive sudo NOPASSWD whitelist for safe docker subcommands ALLOWED: ps, inspect, logs, images, info, version, stats, start, stop, restart, rm, rmi, wait, pull, build, run, compose, system, network ls, volume ls BLOCKED (implicitly): exec, cp, commit, diff, export, import, load, save, attach, push, tag, create, plugin, network create, volume create - Update ai-worker-restricted.nix module to reflect new approach - Update README-ai-worker.md with new security model and examples All docker commands must now be prefixed with sudo. The Hermes agent's host_run tool needs to be updated to prepend sudo.