Docs: expand sandbox guide for common image and Docker bootstrap

2026-03-12 07:20:45 +00:00 · 2026-03-01 23:16:00 -08:00
parent c00d5837d3
commit f4785c1a7b
1 changed files with 15 additions and 0 deletions
--- a/docs/gateway/sandboxing.md
+++ b/docs/gateway/sandboxing.md
@@ -129,6 +129,16 @@ other runtimes), either bake a custom image or install via
 `sandbox.docker.setupCommand` (requires network egress + writable root +
 root user).

+If you want a more functional sandbox image with common tooling (for example
+`curl`, `jq`, `nodejs`, `python3`, `git`), build:
+
+```bash
+scripts/sandbox-common-setup.sh
+```
+
+Then set `agents.defaults.sandbox.docker.image` to
+`openclaw-sandbox-common:bookworm-slim`.
+
 Sandboxed browser image:

 ```bash
@@ -147,6 +157,11 @@ Security defaults:
 Docker installs and the containerized gateway live here:
 [Docker](/install/docker)

+For Docker gateway deployments, `docker-setup.sh` can bootstrap sandbox config.
+Set `OPENCLAW_SANDBOX=1` (or `true`/`yes`/`on`) to enable that path. You can
+override socket location with `OPENCLAW_DOCKER_SOCKET`. Full setup and env
+reference: [Docker](/install/docker#enable-agent-sandbox-for-docker-gateway-opt-in).
+
 ## setupCommand (one-time container setup)

 `setupCommand` runs **once** after the sandbox container is created (not on every run).