We Reverse-Engineered Docker Sandbox's Undocumented MicroVM API (rivet.dev)
pploug 1 days ago [-]
This article is from February - we have since shipped the microvm sandbox engine as a separate binary: sbx - no docker desktop required, small 50mb binary.

https://docs.docker.com/ai/sandboxes/

Not sure how well their work maps to sbx, but there have been multiple releases with features and improvements since then

jakogut 9 hours ago [-]
Interesting to see the adjective "small" used to describe a single binary in the same amount of space used by an entire embedded Linux-based operating system.
derkoe 4 hours ago [-]
Is this a closed source product?
koreth1 22 hours ago [-]
> sbx - no docker desktop required

I usually run OrbStack instead of Docker Desktop on my Mac (Docker Desktop is installed on my system, just not running) and when I tried running sbx, it ignored my OrbStack setup and auto-launched Docker Desktop's daemon instead.

If it's possible to bypass that and tell sbx to use OrbStack instead, I'd love to know how.

whimblepop 1 days ago [-]
Kinda surprising that this doesn't support Linux.

Podman can transparently start microVMs instead of local containers via libkrun as well, which does support Linux: https://josecastillolema.github.io/podman-wasm-libkrun/

ccrone 1 days ago [-]
I work on Docker Sandboxes. We do support Linux with the newer standalone version (sbx), see here: https://docs.docker.com/ai/sandboxes/
whimblepop 22 hours ago [-]
That's great! Thanks for informing me. :D
nyrikki 1 days ago [-]
> Docker Sandboxes require Docker Desktop 4.58+ on macOS or Windows. Linux is not supported since Docker Desktop uses platform-specific virtualization (Apple Virtualization.framework on macOS, Hyper-V on Windows).

Docker can launch machines (Linux VMs) on Linux too; all they are doing here is launching a container instance in a separate Linux VM, vs. the typical shared VM instance.

By default they don't do so on Linux because it has performance costs and consumes resources, but they fully support KVM[0].

I am not sure if it is a more optimized docker machine VM image or not, but it looks like they are just recycling the old model with support for instance-specific docker sockets.

I encourage people to try podman on Windows/macOS just because they will allow you to SSH into the machine (`podman ssh`) and let you pull back the covers on the black box.

But Docker/Podman/Rancher Desktop use the same methods.

[0] https://docs.docker.com/desktop/setup/install/linux/

stock_toaster 1 days ago [-]
> all they are doing here is launching a container instance separate Linux VM, vs the typical shared VM instance

This (MicroVMs) is also kind of what Apple's container[1] tools do.

[1]: https://github.com/apple/container

softfalcon 1 days ago [-]
I’m confused. Docker Desktop isn’t supported on Linux?

I just followed Docker’s docs [0] to get Docker Desktop installed on Ubuntu.

Maybe I’m missing some specific point you’re making about some lower level detail, but they support and have instructions for Docker Desktop on Linux in their own docs.

[0] https://docs.docker.com/desktop/setup/install/linux/

nyrikki 24 hours ago [-]
The naming is bad here.

On Linux, most people only install the Docker Engine, unless they want the GUI.

On macOS or Windows you have to install Docker Desktop, which spins up a VM running Linux.

You installed Docker's "Docker Desktop" which will spin up that VM by default, but you would get better performance by using `docker context` and running natively.

Docker depends on Linux, specifically namespaces/unshare()/clone() etc.; that is why macOS and Windows installs require Desktop and spin up a VM by default.

But on Linux, containers with engine (native) are just processes.

Sorry if that isn't clear but I am actually unwilling to install docker desktop as podman fits my needs better and they conflict.

andix 1 days ago [-]
Is a container breach really the relevant problem to solve for agents? VMs provide better isolation, that's true. But does it matter?

Even sandboxed agents usually have a lot of capabilities. Adding backdoors to code by installing breached packages, abusing some access tokens to cause harm, and much more.

danudey 4 hours ago [-]
In a world where we're getting one local privilege escalation vulnerability a week, I think that VM isolation can still be a significant benefit.
fionic 17 hours ago [-]
The claim here in your second part is valid.

> Adding backdoors to code by installing breached packages, abusing some access tokens to cause harm, and much more.

But it doesn’t mean stricter isolation (i.e. separate kernel space) is a bad thing. One less attack surface, in other words. It’s 100% relevant and matters.

cedws 14 hours ago [-]
There's a lot going on with sandboxes and microVMs at the moment. I tried sbx but it seemed very agent oriented.

I'm most excited about Microsandbox[0]. They're working on an SDK-first experience so you can build whatever applications you want on top, agents just being just one possibility.

[0]: https://microsandbox.dev/

drzaiusx11 9 hours ago [-]
How does this microvm/sbx compare to lima (what Colima uses)?