惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园_首页
阮一峰的网络日志
阮一峰的网络日志
S
Secure Thoughts
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Threat Research - Cisco Blogs
P
Privacy & Cybersecurity Law Blog
The Hacker News
The Hacker News
H
Heimdal Security Blog
W
WeLiveSecurity
L
LINUX DO - 热门话题
Hacker News: Ask HN
Hacker News: Ask HN
WordPress大学
WordPress大学
The Last Watchdog
The Last Watchdog
Hugging Face - Blog
Hugging Face - Blog
博客园 - 【当耐特】
D
DataBreaches.Net
I
Intezer
Webroot Blog
Webroot Blog
C
Cisco Blogs
AWS News Blog
AWS News Blog
博客园 - 聂微东
T
The Blog of Author Tim Ferriss
V
Vulnerabilities – Threatpost
罗磊的独立博客
Google DeepMind News
Google DeepMind News
N
Netflix TechBlog - Medium
Schneier on Security
Schneier on Security
宝玉的分享
宝玉的分享
博客园 - 叶小钗
PCI Perspectives
PCI Perspectives
D
Docker
Scott Helme
Scott Helme
NISL@THU
NISL@THU
J
Java Code Geeks
B
Blog RSS Feed
Google Online Security Blog
Google Online Security Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
The Exploit Database - CXSecurity.com
AI
AI
美团技术团队
Cloudbric
Cloudbric
月光博客
月光博客
P
Proofpoint News Feed
T
Tailwind CSS Blog
Google DeepMind News
Google DeepMind News
小众软件
小众软件
www.infosecurity-magazine.com
www.infosecurity-magazine.com
The Cloudflare Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org

Danb Blog

Cheaper Sodastream Gas with a Big Tank June 2026: What I've Been Working On · Danb Blog Running Snyk On Forgejo/Codeberg Actions · Danb Blog Tuta & Proton: An Open Source Client Does Not Result in an Open Source Service · Danb Blog May 2026: What I've Been Working On · Danb Blog 3D Printing Parts for my Greenhouse, Round 2 · Danb Blog Great Devices: Nexus 7 2013 · Danb Blog R36S Console RetroArch Stuck Menu Issue · Danb Blog April 2026: What I've Been Working On · Danb Blog Games Played in 2025 · Danb Blog March 2026: What I've Been Working On · Danb Blog Shivam Mathur's "node-docker" Images are Awesome for PHP CI · Danb Blog February 2026: What I've Been Working On · Danb Blog Your BookStackApp project was assigned as a project for my Software Architecture course · Danb Blog My Sovol SV08 3D Printer Setup in 2026 · Danb Blog January 2026: What I've Been Working On · Danb Blog Epson Printer: The administrator password you entered was not recognized · Danb Blog Pressure to Follow Process · Danb Blog Online Shopping Email Notifications · Danb Blog My HomeLab Setup in 2026 · Danb Blog Linux Label Printing with the Phomemo D30 · Danb Blog Reporting to the CMA: Google Android Developer Verification · Danb Blog OPNsense & Dnsmasq: Responding with specific DNS servers · Danb Blog An Impromptu Introduction to ZFS Drive Replacement at 1am · Danb Blog Experience with UK Medical Cannabis for Ankylosing Spondylitis · Danb Blog Copyright Takedown for Linking to the "State of Open Source" Report · Danb Blog No, Gumroad Did Not Become Open Source Today · Danb Blog Scripting Monitors (KDE on Fedora) · Danb Blog Amber flags in Open Source & Self-Hosted Projects · Danb Blog LLMs are Directing Open Source Licensing · Danb Blog Games Played in 2024 · Danb Blog Beware of Poison in the Source · Danb Blog Common Misconceptions of the AGPL · Danb Blog Adapting GitHub action PHPUnit tests for Codeberg/Forgejo · Danb Blog Lessons from the Allotment · Danb Blog Futo, Please don't attempt to create your own Open Source Definition · Danb Blog Material You (Dynamic/Adaptive) Colors in Legacy Android Apps · Danb Blog Scripting Monitors (Gnome & Wayland on Fedora) · Danb Blog Retaining a Greenhouse Roof with 3d Printing · Danb Blog Games Played in 2023 · Danb Blog Lessons From Growing Food Indoors · Danb Blog Why the Distinction Between "Open Source" and "Source Available" is Important · Danb Blog Raspberry Pi Camera Module 3 Timelapse · Danb Blog Removing the Rear Seats on a Volvo C30 · Danb Blog Reporting Google's WEI to the CMA · Danb Blog Controlling Default GRUB Boot Option via USB · Danb Blog Creating a Video Home for FOSS Projects · Danb Blog Paying for Search · Danb Blog My Favourite Static Site Deploy Method · Danb Blog PhpStorm (JetBrains IDE) 2023 Linux Scaling · Danb Blog Synology Hibernation with Active Backup for Business and Tailscale · Danb Blog My 2023 HomeLab Setup · Danb Blog Redefining Open Source via "Commercial Open Source" · Danb Blog Moving to Mastodon · Danb Blog Gaining Sponsors · Danb Blog "This is a Low Maintenance Project" · Danb Blog Upgrading my CPU, Ryzen 2600 to 5800x · Danb Blog Migrating Google Photos to my Personal NAS · Danb Blog Scheduling Proxmox Storage to Reduce Disk Activity · Danb Blog Why the Term "Open Source" is Important · Danb Blog Lessons From Working for Myself (9 Months In) · Danb Blog Misrepresenting Open Source for Business Benefit · Danb Blog Cat Images in WebP · Danb Blog My 2022 Workstation Setup · Danb Blog Leaving my Job to Focus on Open Source (For a bit) · Danb Blog Quickly Getting Placeholder Images With Unsplash Source · Danb Blog A Thanks to Laravel for the LTS Releases · Danb Blog A Quick Overview of Unix-Style Permissions · Danb Blog The Power of currentColor · Danb Blog Dealing With Ankylosing Spondylitis Flareups · Danb Blog Hugo Verbose Dates With Suffixes · Danb Blog
Basic OpenCode Sandboxing with Docker · Danb Blog
2026-05-01 · via Danb Blog

I’ve been playing with OpenCode as a way to test different models, play with self-hosted models and to avoid reliance on big tech provided systems. With these kinds of tools, I’m not keen on giving it free access to all my files. Therefore, I came up with a simple little docker based setup so that OpenCode’s access is limited somewhat.

Note: I am not a security expert and this kind of setup does not assure any kind of absolute sandboxing or security.

Here’s the Dockerfile:

FROM node:24-trixie

RUN npm install -g opencode-ai

RUN mkdir -p /home/node/.local/share/opencode \
             /home/node/.local/state/opencode \
             /home/node/.cache/opencode \
    && chown -R node:node /home/node

ENTRYPOINT ["opencode"]

This installs OpenCode within a Debian Trixie-based image with Node.js installed.

Build that from the same directory using docker build -t local:opencode . and then create the following bash script as opencode, located somewhere in your $PATH:

#!/usr/bin/env bash

set -euo pipefail

CWD="$(pwd)"

# Check if CWD is under /home/ and at least 3 levels deep (e.g. /home/user/project/subdir)
is_valid_path() {
    local path="$1"
    # Must start with /home/
    [[ "$path" == /home/* ]] || return 1
    # Strip /home/ prefix and count remaining components
    local relative="${path#/home/}"
    # Count slashes to determine depth (need at least 2 more levels after /home/)
    local depth
    depth=$(echo "$relative" | tr -cd '/' | wc -c)
    [[ "$depth" -ge 2 ]] || return 1
}

if is_valid_path "$CWD"; then
    CONTAINER_WORKDIR="/app${CWD}"
else
    # Construct a fallback path at least 3 levels deep under /home/
    USER_NAME="${USER:-node}"
    PROJECT_NAME="$(basename "$CWD")"
    TIMESTAMP="$(date '+%Y_%m_%d-%H%M%S')"
    FALLBACK="/home/${USER_NAME}/Projects/scratch/opencode-${TIMESTAMP}"
    CONTAINER_WORKDIR="/app${FALLBACK}"
    CWD="${FALLBACK}"

    echo ""
    echo -e "\033[31mNot in a safe project directory.\033[0m"
    echo "Starting OpenCode in a fallback temp directory: ${FALLBACK}"
    mkdir -p "${FALLBACK}"
    echo -n "Loading"
    for i in $(seq 1 50); do
        echo -n "."
        sleep 0.06
    done
    echo ""
fi

exec docker run --rm -it \
    --user "$(id -u):$(id -g)" \
    -v "$HOME/.config/opencode:/home/node/.config/opencode" \
    -v "$HOME/.cache/opencode:/home/node/.cache/opencode" \
    -v "$HOME/.local/share/opencode:/home/node/.local/share/opencode" \
    -v "$HOME/.local/state/opencode:/home/node/.local/state/opencode" \
    -v "${CWD}:${CONTAINER_WORKDIR}" \
    -w "${CONTAINER_WORKDIR}" \
    -p "127.0.0.1:4040:4040" \
    --security-opt=no-new-privileges \
    --cap-drop all \
    local:opencode "--port" "4040" "--hostname" "0.0.0.0" "$@"

This script runs the container, running OpenCode as the same user/group ID as the host user. All the OpenCode config/cache/state directories are passed through to retain sessions/login/state between sessions. Then the current working directory is mapped into the container at /app$(pwd). I include the /app prefix to contain working data to a specific place inside the container.

UPDATE - 2026-05-13

I’ve added some checks to the script to ensure that OpenCode is being opened in a likely project dir, nested with the user’s home dir. This is to help avoid accidentally opening it in a folder which will provide a wider scope of user files (like the entire home directory). If opened outside such a folder, it creates and uses a ~/Projects/scratch/opencode-DATETIME folder instead. Some docker options have been added/tweaked to improve sandboxing.

Port 4040 is passed through between host and container, which is set for OpenCode on the next line, along with a 0.0.0.0 hostname. These are to allow the web UI to be accessed via http://localhost:4040 on the host. Lastly, it runs the container using the local:opencode tag we built it with, setting those web server UI options and then it passes any extra options which the user provided when running the bash script.

Make the script executable with chmod +x opencode. Then, with the script in your $PATH somewhere, you should be able to run opencode to start the docker-based OpenCode in your current working directory. In the bottom left corner you should see the path starting with /app/

To re-iterate, this does not assure security in any way, and there may be better options elsewhere such as in this thread but for me I wanted a setup which was simple, using the tools I’m familiar with, which should cover my greatest concern (unrestricted access to my files). Your concerns & considerations may differ.

UPDATE - 2026-05-13

Michael Lynch provided a good suggestion of using rootless Podman to improve security further, which is a great idea if you’re not married to traditional docker.

There may also be limitations/complications/side-effects with this kind of setup, I’m still in the early stages of testing it.

I did try to initially use “Docker Sandboxes”, but I abandoned this route when it required me to accept non-open terms when following their usage guide. From what I can see at a glance, this is a proprietary service/offering.