Company:
Date Published:
Author: -
Word count: 2032
Language: English
Hacker News points: None

Summary

Abhinav, a developer at Greptile working on AI code review agent infrastructure, discusses the challenges and solutions involved in giving LLM-powered agents access to a filesystem for code review. Executing commands locally is relatively safe, but doing so on a cloud machine introduces security risk, since the agent could gain unauthorized access to sensitive files. The article explores how file access is mediated at the kernel level through the open syscall in Linux, and highlights three points at which open can fail, each of which can be used to hide files from a process: permission checks, mount masking, and changing the root directory (chroot). By combining mount namespaces with chroot, a process can be confined to a controlled environment in which it cannot reach sensitive files outside its designated directories. This approach parallels containerization technologies such as Docker and Podman, which rely on the same kernel-level isolation to build sandboxes for processes. At Greptile, the agent process runs in a locked-down rootless Podman container, so that the kernel itself only lets it open the files it is meant to see, which mitigates the security risk.