Lunran
How to Set Up a Sandbox Environment for GitHub Copilot CLI on Linux

When running AI coding agents like GitHub Copilot CLI, isolation is key for security and keeping your host environment clean. While Docker Desktop provides a native Sandbox feature for Mac and Windows, Linux users often face different challenges.

In this post, I’ll share how to set up a robust sandbox environment for GitHub Copilot CLI on Linux, based on my recent experiments.

The Challenge

Official Docker Sandboxes are currently not supported on Linux.

To solve this, I used the following template:
henrybravo/docker-sandbox-run-copilot

Troubleshooting the Setup on Linux

When using the repository above on a Linux machine, you might encounter a few hurdles:

1. Quickstart Limitations

The "Option 1: Using Docker Sandbox" recommended in many guides is not applicable because the docker sandbox command is missing on Linux.

2. CRLF Line Ending Issues

If you try "Option 2: Using Docker Run (Standalone)", you might encounter errors because the entrypoint.sh file in some repositories is saved with Windows-style line endings (CRLF). Linux environments require LF.

3. The Solution: Local Build

To get everything working correctly:

  1. Clone the repository.
  2. Fix the line endings of entrypoint.sh (e.g., using dos2unix or your editor).
  3. Follow Option 3: Build Locally.
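
An added example, not part of the template repository: one way to do step 2 when dos2unix is not installed, by finding every shell script with CRLF endings in the clone and converting it in place before the local build. The function names (has_crlf, fix_crlf, normalize_scripts) are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not part of the template repository.
CR=$(printf '\r')

# has_crlf FILE: succeeds if any line of FILE ends in a carriage return.
has_crlf() { grep -q "${CR}\$" "$1"; }

# fix_crlf FILE: strip the trailing CR from each line. Writing back with
# "cat >" keeps the file's mode, so an executable entrypoint stays executable.
fix_crlf() {
    tmp=$(mktemp) || return 1
    if sed "s/${CR}\$//" "$1" > "$tmp"; then cat "$tmp" > "$1"; rc=$?; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# normalize_scripts DIR: convert every *.sh under DIR (skipping .git) that
# has CRLF endings, and print the path of each file that was changed.
normalize_scripts() {
    find "$1" -name .git -prune -o -type f -name '*.sh' -print |
    while IFS= read -r f; do
        if has_crlf "$f"; then
            fix_crlf "$f" && printf '%s\n' "$f"
        fi
    done
}

# With a directory argument, normalize that checkout. Without one, run on a
# constructed sample so the effect is visible.
if [ "$#" -gt 0 ]; then
    normalize_scripts "$1"
else
    demo=$(mktemp -d)
    printf '#!/bin/sh\r\nexec "$@"\r\n' > "$demo/entrypoint.sh"  # constructed CRLF file
    chmod +x "$demo/entrypoint.sh"
    echo "converted: $(normalize_scripts "$demo")"
    rm -rf "$demo"
fi
```

Run it with the path of the cloned repository as its only argument; a second run prints nothing because no CRLF scripts remain.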

Persisting Session Data

By default, a sandbox environment is ephemeral. This means you lose your session information, such as planning results (plan.md) or research logs, once the container stops.

To fix this, you need to mount the state directory from your host to the container.

How to mount the session state:

Add a volume mount to your docker run command for the following path:
/home/agent/.local/state/.copilot

A complete example:

# Reuse the existing container if there is one; otherwise create it.
if docker ps -a --format '{{.Names}}' | grep -q "^copilot-container$"; then
    docker start -ai copilot-container
else
    # "-e GITHUB_TOKEN" with no value passes the exported host variable
    # through without putting the token on the docker command line.
    docker run -it \
        --name copilot-container \
        -v "$(pwd)":/workspace \
        -v "$(pwd)/.copilot":/home/agent/.copilot \
        -e GITHUB_TOKEN \
        copilot-sandbox \
        copilot --autopilot --yolo --model gpt-5.4
fi

Why not use the official Docker Sandbox?
Even on Mac, the current implementation of Docker Sandboxes does not support volume mounts or port forwarding. By using a standard Docker container approach on Linux (or Mac), you actually gain more flexibility in managing your data.

Conclusion

Setting up a sandbox for GitHub Copilot CLI on Linux requires a bit of manual tweaking—specifically handling line endings and choosing a local build over the automated sandbox commands. However, the ability to mount volumes and to use port forwarding currently makes this "manual" approach superior in some use cases.

References


Originally posted on Zenn.
