Tools: How to Set Up a Sandbox Environment for GitHub Copilot CLI on Linux

When running AI coding agents like GitHub Copilot CLI, isolation is key for security and for keeping your host environment clean. While Docker Desktop provides a native Sandbox feature for Mac and Windows, Linux users often face different challenges. In this post, I'll share how to set up a robust sandbox environment for GitHub Copilot CLI on Linux, based on my recent experiments.

The Challenge

Official Docker Sandboxes are currently not supported on Linux. To solve this, I used the following template:

henrybravo/docker-sandbox-run-copilot

Troubleshooting the Setup on Linux

When using the repository above on a Linux machine, you might encounter a few hurdles:

1. Quickstart Limitations

The "Option 1: Using Docker Sandbox" recommended in many guides is not applicable because the docker sandbox command is missing on Linux.

2. CRLF Line Ending Issues

If you try "Option 2: Using Docker Run (Standalone)", you might encounter errors because the entrypoint.sh file in some repositories is saved with Windows-style line endings (CRLF). Linux environments require LF.

3. The Solution: Local Build

To get everything working correctly:

- Clone the repository.
- Fix the line endings of entrypoint.sh (e.g., using dos2unix or your editor).
- Follow Option 3: Build Locally.

Persisting Session Data

By default, a sandbox environment is ephemeral. This means you lose your session information, such as planning results (plan.md) or research logs, once the container stops. To fix this, you need to mount the state directory from your host into the container.

How to mount the session state:

Add a volume mount to your docker run command for the following path: /home/agent/.local/state/.copilot

An example of the complete command:

    # Reuse the container if it already exists; otherwise create it.
    docker ps -a --format '{{.Names}}' | grep -q "^copilot-container$" && \
      docker start -ai copilot-container || \
      docker run -it \
        --name copilot-container \
        -v "$(pwd)":/workspace \
        -v ./.copilot:/home/agent/.copilot \
        -e GITHUB_TOKEN="$GITHUB_TOKEN" \
        copilot-sandbox \
        copilot --autopilot --yolo --model gpt-5.4

Why not use the official Docker Sandbox?

Even on Mac, the current implementation of Docker Sandboxes does not support volume mounts or port forwarding. By using a standard Docker container approach on Linux (or Mac), you actually gain more flexibility in managing your data.

Conclusion

Setting up a sandbox for GitHub Copilot CLI on Linux requires a bit of manual tweaking, specifically handling line endings and choosing a local build over the automated sandbox commands. However, the ability to mount volumes and to use port forwarding currently makes this "manual" approach superior in some use cases.

Originally posted on Zenn.

References

- docker-sandbox-run-copilot (GitHub)
- Docker Sandbox Feedback - Issue #73 (Mounting directories)
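A preflight for the line-ending fix and the state-directory mount described in this post, written as an added example that is not part of the original post or the template repository. It converts entrypoint.sh without needing dos2unix and creates the host state directory before Docker does; the function names, the 700 mode and the matching-UID assumption are mine.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

CR=$(printf '\r')   # literal carriage return, portable across sh and bash

# has_crlf FILE: exit 0 when FILE contains any CR byte.
has_crlf() {
  LC_ALL=C grep -q "$CR" "$1"
}

# fix_crlf FILE: strip every CR so only LF line endings remain.
fix_crlf() {
  _tmp=$(mktemp) || return 1
  # Writing back with `cat >` keeps the original inode, so the +x bit survives.
  tr -d '\r' < "$1" > "$_tmp" && cat "$_tmp" > "$1"
  _rc=$?
  rm -f "$_tmp"
  return "$_rc"
}

# prepare_state_dir DIR: create the host side of the bind mount up front.
# If a -v source path is missing, the Docker daemon creates it itself, and on
# a rootful daemon that directory is root-owned. Mode 700 is an assumption:
# it presumes the container's agent user has the same UID as the host user.
prepare_state_dir() {
  mkdir -p "$1" && chmod 700 "$1"
}

# preflight REPO_DIR STATE_DIR: returns 0 when the build and run can proceed.
preflight() {
  _script="$1/entrypoint.sh"
  [ -f "$_script" ] || { echo "missing $_script" >&2; return 2; }
  if has_crlf "$_script"; then
    fix_crlf "$_script" || return 1
    echo "converted $_script to LF"
  fi
  # A CR left after "#!/bin/sh" becomes part of the interpreter path.
  if has_crlf "$_script"; then return 1; fi
  prepare_state_dir "$2" || return 1
  echo "state dir ready: $2"
}

# Runs only when given arguments, for example:
#   sh preflight.sh ./docker-sandbox-run-copilot ./.copilot
if [ "$#" -ge 2 ]; then preflight "$1" "$2"; fi
```

Run it once after cloning and before the local build; a non-zero exit means entrypoint.sh is missing or still contains carriage returns.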