runsc). Docker is not installed automatically — you install it yourself after the sandbox is ready, then start dockerd with a small bootstrap script so nested containers work.
When to use this recipe
- Spinning up Postgres, Redis, or other services with `docker compose` during a test run.
- Letting an agent build and run containers without host Docker access.
- Prototyping a multi-service setup in a disposable environment.
Prerequisites
- A Brimble account with sandbox access and `BRIMBLE_SANDBOX_KEY` set.
- The SDK installed (see SDKs).
- Outbound network for pulling packages and images (`egress.mode` defaults to `open`).
- A Debian/Ubuntu template such as `ubuntu-24`, `node-22`, or `python-3.12` (images must have `apt`).
- 1 GB+ RAM recommended (`specs.memory: 1024` or higher).
Why a custom dockerd startup?
A plain `apt install docker.io` plus a default `dockerd` often fails inside gVisor with overlay mount errors. Use a startup script that:
- Mounts tmpfs on `/var/lib/docker` — avoids `overlay: invalid argument` when pulling and running images.
- Runs `dockerd` with `--iptables=false` and `--ip6tables=false` — Docker does not manage iptables inside the sandbox; you set SNAT manually instead.
- Passes `--feature containerd-snapshotter=false` on Docker ≥ 29 — the default containerd snapshotter does not work in gVisor; the legacy storage path does.
`start-dockerd.sh` inside the sandbox (for example under `/usr/local/bin/`):
Recipe
Create a sandbox, install Docker, upload the script, start the daemon, then run a container.

`exec` requests accept `timeout_seconds` between 1 and 300. Split long `apt-get` runs or re-run the install if needed.

Without uploading a file
You can inline the same steps with a shell `exec` if you prefer not to upload `start-dockerd.sh`:
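The page's own script is not reproduced here, so the following is an added example that implements the three points from "Why a custom dockerd startup?" (tmpfs on `/var/lib/docker`, `dockerd --iptables=false --ip6tables=false` with manual SNAT, and `--feature containerd-snapshotter=false` once Docker reports version 29 or newer). It is not Brimble's script. It works either way described above: upload it as `/usr/local/bin/start-dockerd.sh`, or pass its body inline through `exec`. Assumptions not stated on the page: the Docker bridge uses its default `172.17.0.0/16` subnet, `iptables` with `MASQUERADE` is available for the SNAT rule, the log goes to `/var/log/dockerd.log`, and the tmpfs size is 2 GB.

```shell
#!/bin/sh
# start-dockerd.sh: bring up dockerd inside a gVisor-backed sandbox.
# Added example, not the project's own script. It follows the three points above:
# tmpfs on /var/lib/docker, dockerd without iptables management plus manual SNAT,
# and --feature containerd-snapshotter=false on Docker 29+.
set -eu

DOCKER_ROOT=/var/lib/docker
DOCKER_LOG=/var/log/dockerd.log          # assumed log location
BRIDGE_SUBNET=172.17.0.0/16              # assumed: Docker's default bridge subnet

# Extract the major version from `docker --version` output,
# e.g. "Docker version 29.0.1, build 0123abc" -> 29. Prints nothing on unexpected input.
docker_major_version() {
    printf '%s\n' "$1" | sed -n 's/^Docker version \([0-9][0-9]*\)\..*/\1/p'
}

# Version-dependent dockerd flags: from Docker 29 the containerd snapshotter is the
# default image store and fails under gVisor, so fall back to the legacy storage path.
dockerd_version_flags() {
    major=$(docker_major_version "$1")
    if [ -n "$major" ] && [ "$major" -ge 29 ]; then
        printf '%s' '--feature containerd-snapshotter=false'
    fi
}

# Keep image layers on tmpfs: overlay-on-overlay inside gVisor fails with
# "overlay: invalid argument". Idempotent, so re-running the script is safe.
mount_docker_root() {
    mkdir -p "$DOCKER_ROOT"
    if ! mountpoint -q "$DOCKER_ROOT"; then
        mount -t tmpfs -o size=2g tmpfs "$DOCKER_ROOT"   # size is an assumption
    fi
}

# dockerd runs with --iptables=false, so containers get no NAT unless we add it.
# One MASQUERADE rule for the bridge subnet; -C checks first so it is not duplicated.
configure_snat() {
    iptables -t nat -C POSTROUTING -s "$BRIDGE_SUBNET" ! -o docker0 -j MASQUERADE 2>/dev/null \
        || iptables -t nat -A POSTROUTING -s "$BRIDGE_SUBNET" ! -o docker0 -j MASQUERADE
}

# Start the daemon in the background and wait until the socket answers, so the
# next exec call can run `docker` immediately instead of racing the daemon.
start_dockerd() {
    mount_docker_root
    configure_snat
    flags=$(dockerd_version_flags "$(docker --version)")
    # $flags is deliberately unquoted: it is either empty or two words.
    nohup dockerd --iptables=false --ip6tables=false $flags >"$DOCKER_LOG" 2>&1 &
    i=0
    while [ "$i" -lt 30 ]; do
        if docker info >/dev/null 2>&1; then
            echo "dockerd is up"
            return 0
        fi
        i=$((i + 1))
        sleep 1
    done
    echo "dockerd did not become ready within 30s; see $DOCKER_LOG" >&2
    return 1
}

# Only act when invoked as `start-dockerd.sh start`; without the argument the
# functions above are merely defined, which keeps the file safe to source or test.
case "${1:-}" in
    start) start_dockerd ;;
esac
```

Run it as root inside the sandbox with `sh /usr/local/bin/start-dockerd.sh start` (or, inline, `sh -s start` with the script on stdin). Because the daemon does not survive pause/resume, the mount and SNAT steps are written to be idempotent, so the same invocation is what you re-run after a resume.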
What’s happening
- `create`. Blocks until the sandbox VM is `ready` (gVisor container running, no Docker yet).
- `apt-get install docker.io`. Installs the Docker engine and CLI on Debian/Ubuntu.
- `start-dockerd.sh`. Mounts tmpfs on `/var/lib/docker`, configures SNAT for outbound traffic, and starts `dockerd --iptables=false --ip6tables=false` with `--feature containerd-snapshotter=false` when Docker is version 29 or newer.
- `docker run`. Talks to the local daemon over `/var/run/docker.sock` inside the sandbox.
- `--network=host`. Port mapping via `-p` is not supported inside sandboxes — bind on the host network instead when exposing services.
- `dockerd` — the daemon does not persist across resume.
Limitations
- Template OS: agent-only images (for example `codex`, `bun-1`) may not have `apt`; use `ubuntu-24`, `node-22`, or `python-3.12`.
- Port mapping: use `--network=host`, not `-p`/`--expose`.
- Install time: the first `apt-get install` can take several minutes; use the maximum `timeout_seconds` (300) per exec call.
- Performance: nested containers are slower than running Docker on a bare VM.
- Resume: after pause/resume, run the install and `start-dockerd.sh` steps again.
Next steps
- Run untrusted code — deny egress and run a single snippet instead.
- Run an AI coding agent — combine Docker with an agent workflow.
- Network egress — restrict outbound access when pulling images from private registries.
- Sandboxes overview — lifecycle, billing, and network egress.