Exec Policies Atlas agents can execute commands on behalf of peers. The exec security policy controls which commands are allowed and under what conditions.
Exec modes The exec_security.mode setting controls the overall execution policy:
Mode Behavior denyDefault. All command execution is blocked.allowlistOnly binaries on the allowlist can execute. fullAny command can execute (subject to denylist filtering).
Exec must be explicitly enabled before any mode takes effect. By default, exec.enabled is false.
Enable exec
Enable the exec engine
atlas config set exec.enabled true
Choose a security mode
Allowlist mode (recommended)
Full mode (use with caution)
Deny mode (disable exec)
atlas config security set-mode allowlist
Managing the allowlist In allowlist mode, only explicitly approved binaries can execute:
# Add a binary to the allowlist atlas config security allow python3 atlas config security allow node # View current policy atlas config security show
Output:
Mode : allowlist Strict inline eval: true Allowed binaries : python3, node Denied binaries : rm, sudo, chmod
Managing the denylist The denylist applies in all modes (including full mode). Denied binaries are always blocked:
# Add a binary to the denylist atlas config security deny curl atlas config security deny wget
Default denied binaries:
Binary Reason rmFile deletion sudoPrivilege escalation chmodPermission modification
Strict inline eval When strict_inline_eval is true (the default), the agent blocks inline code evaluation patterns such as shell expansion and pipe chains that could bypass the allowlist/denylist:
# View current setting atlas config security show # Toggle it atlas config set exec_security.strict_inline_eval false
Disabling strict inline eval in production is not recommended. It allows peers to craft commands that bypass binary-level filtering.
Exec configuration reference Full config.toml section:
[ exec ] enabled = false # Must be true for any execution default_timeout_secs = 300 # Default command timeout (5 min) max_concurrent_sessions = 10 # Max parallel exec sessions default_sandbox = "none" # Sandbox: none, bubblewrap, docker output_buffer_limit = 1048576 # Max output buffer (1 MB) [ exec_security ] mode = "deny" # deny | allowlist | full allowed_binaries = [] # Binaries allowed in allowlist mode denied_binaries = [ "rm" , "sudo" , "chmod" ] # Always blocked strict_inline_eval = true # Block inline eval patterns approval_required_patterns = [] # Patterns requiring approval
Reset to defaults atlas config security reset
This resets exec_security to:
Mode: deny
Allowed binaries: empty
Denied binaries: rm, sudo, chmod
Strict inline eval: true
Approval required patterns: empty
Running commands Once exec is enabled and the security mode allows it:
Foreground execution
Background execution
atlas exec run python3 script.py --timeout 60 --sandbox none
Flag Default Description --timeout300Timeout in seconds --sandboxnoneSandbox mode: none, bubblewrap, docker --approvefalseRequire approval before execution --hostlocalWhere to run: local, gateway, node:<peer_id>