From 8e47bd6c8c58131f31a959d8f74380f191892c4d Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Tue, 27 Jan 2026 16:14:18 +0100 Subject: [PATCH 1/2] sandboxes: windows crash issue with too many sandboxes Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/manuals/ai/sandboxes/troubleshooting.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/content/manuals/ai/sandboxes/troubleshooting.md b/content/manuals/ai/sandboxes/troubleshooting.md index 121a160da819..319657874138 100644 --- a/content/manuals/ai/sandboxes/troubleshooting.md +++ b/content/manuals/ai/sandboxes/troubleshooting.md @@ -105,3 +105,17 @@ Also verify the workspace path exists: $ cd $ pwd ``` + +## Sandbox crashes on Windows when launching multiple sandboxes + +On Windows, launching too many sandboxes simultaneously can cause crashes. + +If this happens, recover by closing the OpenVMM processes: + +1. Open Task Manager (Ctrl+Shift+Esc). +2. Find all `docker.openvmm.exe` processes. +3. End each process. +4. Restart Docker Desktop if needed. + +To avoid this issue, launch sandboxes one at a time rather than creating +multiple sandboxes concurrently. From e7064167a0bbf8f5b77db2476bcb06fc56d6baa5 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Tue, 27 Jan 2026 16:15:57 +0100 Subject: [PATCH 2/2] sandboxes: add security notice for mounting directories/executables Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/manuals/ai/sandboxes/get-started.md | 5 +++++ content/manuals/ai/sandboxes/workflows.md | 25 +++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/content/manuals/ai/sandboxes/get-started.md b/content/manuals/ai/sandboxes/get-started.md index 3f7e0f5c08a8..768b93ebf5b5 100644 --- a/content/manuals/ai/sandboxes/get-started.md +++ b/content/manuals/ai/sandboxes/get-started.md 
@@ -66,6 +66,11 @@ When you ran `docker sandbox run`: The sandbox persists until you remove it. Installed packages and configuration remain available. Run `docker sandbox run ` again to reconnect. +> [!NOTE] +> Agents can modify files in your workspace. Review changes before executing +> code or performing actions that auto-run scripts. See +> [Security considerations](workflows.md#security-considerations) for details. + ## Basic commands Here are essential commands to manage your sandboxes: diff --git a/content/manuals/ai/sandboxes/workflows.md b/content/manuals/ai/sandboxes/workflows.md index b6e13856fb24..63888784aad4 100644 --- a/content/manuals/ai/sandboxes/workflows.md +++ b/content/manuals/ai/sandboxes/workflows.md @@ -90,6 +90,31 @@ When you remove a sandbox: To preserve a configured environment, create a [Custom template](templates.md). +## Security considerations + +Agents can create and modify any files in your mounted workspace, including +scripts, configuration files, and hidden files. + +After an agent works in a workspace, review changes before performing actions +on your host that might execute code: + +- Committing changes (executes Git hooks) +- Opening the workspace in an IDE (may auto-run scripts or extensions) +- Running scripts or executables the agent created or modified + +Review what changed: + +```console +$ git status # See modified and new files +$ git diff # Review changes to tracked files +``` + +Check for untracked files and be aware that some changes, like Git hooks in +`.git/hooks/`, won't appear in standard diffs. + +This is the same trust model used by editors like Visual Studio Code, which +warn when opening new workspaces for similar reasons. + ## Named sandboxes Use meaningful names for sandboxes you'll reuse:
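Review bot: In the `troubleshooting.md` hunk of patch 1/2, the recovery steps "Find all `docker.openvmm.exe` processes" and "End each process" do not say whether this also stops sandboxes that are still working, or what happens to their state. Add a sentence on the effect on running sandboxes. "Too many sandboxes" and "Restart Docker Desktop if needed" would also be more useful with a visible symptom, so the reader can tell when the section applies and when the restart is required.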
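Review bot: In the `get-started.md` hunk of patch 2/2, the note's "performing actions that auto-run scripts" names no concrete action, so a reader who stops at this page will not recognise an ordinary `git commit` or opening the folder in an IDE as one of them. Pull one example from the linked section into the note, for instance "such as committing (Git hooks) or opening the workspace in an IDE", and keep the link for the full list.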
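Review bot: In the `workflows.md` hunk of patch 2/2, the paragraph after the console block says hooks in `.git/hooks/` "won't appear in standard diffs" but gives the reader no command to inspect them, so the review procedure ends on the gap it has just pointed out. Add a step to the console block that lists the hooks directory, for example `ls -la .git/hooks/`, and say which other changes "some changes" refers to. The `git diff` line is also narrower than its comment suggests: with no arguments it shows only unstaged changes, and `git status` does not list ignored files, so consider `git diff HEAD` and `git status --ignored` here.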