Sign in Subscribe
docker

Docker SBX v0.21.0: Network Policies, Linux Packaging, TUI Polish

Docker SBX v0.21.0 ships network policy deduplication, Linux standalone packaging, TUI animations, and multi-worktree support via --branch flag. Includes proxy fixes and credential handling improvements.

Docker SBX v0.21.0: Network Policies, Linux Packaging, TUI Polish

TL;DR

  • Network policy deduplication and default selection during sandbox creation
  • Linux packaging now available as standalone binary
  • TUI gets consistent styling, animations, and better terminal support (Warp included)
  • Worktree handling improved with --branch flag for multiple branches
  • Proxy and credential fixes across agents

New

  • Network policy deduplication — one rule per domain instead of duplicates, cleaner governance (#2025)
  • Default policy selection — sandboxes now prompt for network policy on creation (#1903)
  • policy reset command — restore default policies without manual intervention (#1848)
  • Linux standalone binary — packaging now available as a single executable for Linux deployments
  • TUI animations — dialog open/close/resize animations for smoother UX (#1918)
  • Warp terminal support — better terminal detection and spawn logic (#1898)
  • --branch flag — support multiple worktrees in a single sandbox (#1857)
  • rm --all command — remove all sandboxes in one operation (#1947)
  • Exit code 127sbx exec now returns proper exit code for missing binaries (#1911)
  • Ctrl+Z handling — suspend sbx process without terminating (#1676)
  • Dots in sandbox names — Docker network name sanitization allows special characters (#1972)
  • Configurable DinD volume size — set Docker-in-Docker volume via environment variable (#1834)

Fixed

  • Removed *.googleapis.com wildcard from service detector to prevent overly broad rules (#1999)
  • Codex allowedDomains no longer leak into all sandboxes (#2011)
  • CIDR check skipped for allowed domain hosts in governance engine (#1860)
  • SSL certificate environment variables (SSL_CERT_FILE, NODE_EXTRA_CA_CERTS, REQUESTS_CA_BUNDLE) now point to full CA bundle (#1883)
  • Mouse hitboxes in credential creation dialog fixed (#1884)
  • Double policy prompt on policy reset after sign-out eliminated (#1998)
  • Spurious warning when setting secret with daemon stopped silenced (#1902)
  • Sandbox reuse prevention when directories share the same basename (#1973)

Breaking Changes

  • reset --preserve-credentials renamed to --preserve-secrets (#1960, #1986) — update scripts accordingly
  • NoWorktree is now the default in TUI (#1882) — explicit worktree selection required if needed

Update: docker pull docker/sbx:v0.21.0 or download the Linux standalone binary from the release page.

Source: Docker

Read next