Docker v0.30.0-rc1: Sandbox Profiles & Networking Fixes

Docker v0.30.0-rc1 brings sandbox profiles with multi-policy governance, improved networking with per-sandbox hostname tracking, and more resilient workspace handling. Kits now re-run startup commands on every container start and are listed in AI files.

TL;DR

  • Sandbox profiles with multi-policy support — configure governance before login
  • Networking improvements: per-sandbox hostname tracking and dual loopback stack binding
  • Kits now re-run startup commands on every container start and show in AI files
  • Workspace/worktree deletion no longer breaks sandbox recovery

New

  • Sandbox profiles with multi-policy support — operators can now define reusable governance postures per sandbox and configure policy before login
  • Per-sandbox hostname tracking — gVisor SwapStubResolver enables proper hostname resolution isolation across sandboxes
  • Dual loopback stack binding — both loopback stacks bind by default on publish for better networking consistency
  • Kit startup command re-execution: commands.startup now runs on every container start instead of once
  • Per-kit memory files — each kit can supply its own progressive-disclosure memory file for better context management
  • Installed kits enumeration — kits now appear in the AI file Kits section automatically
  • Daemon logging — shim and vmm logs are now captured into daemon.log

Fixed

  • Sandboxes remain recoverable when workspace or worktree is deleted on the host
  • macOS /private path compatibility for worktrees with --branch
  • Implicit run options no longer override explicit user arguments
  • Runtime ID sanitization when looking up gVisor network
  • Raw TCP to host.docker.internal now allowed when localhost is permitted
  • "Git repository detected" message prints once instead of repeatedly with --branch
  • Sentinel connection opened in cp and kit add to prevent auto-stop race conditions
  • Removed redundant ContainerKill before ContainerRemove
  • Docker daemon startup time now reported correctly instead of pre-start message

Update: docker pull docker/sbx:v0.30.0-rc1 or check the release page for your platform.

Source: Docker