We Reverse-Engineered Docker Sandbox's Undocumented MicroVM API
yakkomajuri
76 points
13 comments
May 21, 2026
Related Discussions
- Show HN: Run coding agents in microVM sandboxes instead of your host machine phoenixranger · 54 pts · April 23, 2026 · 53% similar
- Show HN: Zeroboot – sub-millisecond VM sandboxes using CoW memory forking adammiribyan · 19 pts · March 17, 2026 · 53% similar
- Docker Offload redbell · 22 pts · April 05, 2026 · 52% similar
- Show HN: Sub-millisecond VM sandboxes using CoW memory forking adammiribyan · 106 pts · March 17, 2026 · 52% similar
- A decade of Docker containers zacwest · 269 pts · March 07, 2026 · 52% similar
Discussion Highlights (6 comments)
whimblepop
Kinda surprising that this doesn't support Linux. Podman can transparently start microVMs instead of local containers via libkrun as well, which does support Linux: https://josecastillolema.github.io/podman-wasm-libkrun/
nyrikki
> Docker Sandboxes require Docker Desktop 4.58+ on macOS or Windows. Linux is not supported since Docker Desktop uses platform-specific virtualization (Apple Virtualization.framework on macOS, Hyper-V on Windows).

Docker can launch machines (Linux VMs) on Linux too; all they are doing here is launching a container instance in a separate Linux VM, vs. the typical shared VM instance. By default they don't do so on Linux because it has performance costs and consumes resources, but they fully support KVM [0]. I am not sure if it is a more optimized docker machine VM image or not, but it looks like they are just recycling the old model with support for instance-specific docker sockets. I encourage people to try podman on Windows/macOS just because they will allow you to SSH into the machine (`podman ssh`) and let you pull back the covers on the black box. But Docker/Podman/Rancher Desktop use the same methods.

[0] https://docs.docker.com/desktop/setup/install/linux/
pploug
This article is from February - we have since shipped the microVM sandbox engine as a separate binary: sbx - no Docker Desktop required, a small 50 MB binary. https://docs.docker.com/ai/sandboxes/ Not sure how well their work maps to sbx, but there have been multiple releases with features and improvements since then.
andix
Is a container breach really the relevant problem to solve for agents? VMs provide better isolation, that's true. But does it matter? Even sandboxed agents usually have a lot of capabilities. Adding backdoors to code by installing breached packages, abusing some access tokens to cause harm, and much more.
TheNightman
Sounds like https://github.com/apple/container
cedws
There's a lot going on with sandboxes and microVMs at the moment. I tried sbx but it seemed very agent-oriented. I'm most excited about Microsandbox [0]. They're working on an SDK-first experience so you can build whatever applications you want on top, agents being just one possibility.

[0]: https://microsandbox.dev/