docs(security): explain sandboxing options

Peter Steinberger
2026-01-06 18:23:53 +01:00
parent 94e300fde5
commit 8d9b2208d5
3 changed files with 49 additions and 21 deletions

@@ -88,7 +88,7 @@ container. The gateway stays on your host, but the tool execution is isolated:
- Workspace per session under `~/.clawdbot/sandboxes`
- Auto-prune: idle > 24h OR age > 7d
- Network: `none` by default (explicitly opt-in if you need egress)
- Default allow: `bash`, `process`, `read`, `write`, `edit`
- Default allow: `bash`, `process`, `read`, `write`, `edit`, `sessions_list`, `sessions_history`, `sessions_send`, `sessions_spawn`
- Default deny: `browser`, `canvas`, `nodes`, `cron`, `discord`, `gateway`
### Enable sandboxing
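
Review bot: The updated `Default allow` bullet now lists `sessions_send` and `sessions_spawn` alongside `bash` and `write`, but nothing in this list says what those tools can reach from inside the sandbox. The neighbouring bullets stress `none` networking and keep `gateway` in the default deny, so a reader cannot tell whether the session tools act only on the sandboxed session or can message and start other sessions as well. Consider adding a sentence that states their scope, plus a pointer to how they can be taken out of the allow list where that reach is not wanted.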