Skip to content

sbx: remove dind limitation on windows #24599

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dvdksn merged 1 commit into from
Apr 3, 2026
+11 −27
Merged

sbx: remove dind limitation on windows #24599

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 11 additions & 13 deletions content/manuals/ai/sandboxes/agents/custom-environments.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,19 +84,17 @@ CLI, and common development tools like Node.js, Python, Go, and Java.
| `opencode` | [OpenCode](https://opencode.ai) |
| `shell` | No agent pre-installed. Use for manual agent setup. |

Each variant also has a `-docker` version (for example,
`claude-code-docker`) that includes a full Docker Engine running inside the
sandbox — no local Docker daemon required. The `-docker` variants are the
defaults used by `sbx run` on macOS and Linux. These variants run in
privileged mode inside the microVM (not on your host), with a dedicated block
volume at `/var/lib/docker`, and `dockerd` starts automatically inside the
sandbox.

The block volume defaults to 50 GB and uses a sparse file, so it only
consumes disk space as Docker writes to it. On Windows, the volume is not
sparse and the full 50 GB is allocated at creation time, which increases
startup time. For this reason, the non-docker variants are the default on
Windows.
Each variant also has a `-docker` version (for example, `claude-code-docker`)
that includes a full Docker Engine running inside the sandbox — no local Docker
daemon required. When you pick a built-in agent without specifying a custom
template, `sbx run` and `sbx create` use the `-docker` template variants by
default.

The agent containers created from the `-docker` templates run in privileged
mode inside the microVM (not on your host), with a dedicated block volume at
`/var/lib/docker`, and `dockerd` starts automatically inside the sandbox. The
block volume defaults to 50 GB and uses a sparse file, so it only consumes disk
space as Docker writes to it.

To override the volume size, set the `DOCKER_SANDBOXES_DOCKER_SIZE`
environment variable to a size string before starting the sandbox:
Expand Down
14 changes: 0 additions & 14 deletions content/manuals/ai/sandboxes/troubleshooting.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,20 +59,6 @@ configured to use the forward proxy. See
[Monitoring network activity](security/policy.md#monitoring)
for details.

## Docker not available inside the sandbox on Windows

On Windows, sandboxes use non-docker template variants by default, so `docker`
commands aren't available inside the sandbox. To use Docker inside a sandbox on
Windows, specify a `-docker` template:

```console
$ sbx run --template docker.io/docker/sandbox-templates:claude-code-docker claude
```

The `-docker` variants work on Windows but have slower startup times. See
[Base images](agents/custom-environments.md#base-images) for details and the
full list of templates.

## Docker build export fails with "lchown: operation not permitted"

Running `docker build` with the local exporter (`--output=type=local` or `-o
Expand Down