This repository provides a sandboxed environment for running the opencode CLI tool inside a Podman container. It is designed to restrict local system and network access while providing a persistent configuration and isolated runtime.
- Podman Sandbox: Runs
opencodein an AlmaLinux-based container with strict resource limits (CPUs, memory, PIDs) and a read-only root filesystem. - Security & Privilege Drop: Drops all capabilities by default (
--cap-drop=ALL). The container'sentrypoint.shblocks access to local private IPv4 addresses (RFC 1918) via blackhole routing and drops remaining privileges usingsetpriv --no-new-privsbefore executing the CLI. - Workspace Mounting: Mounts the current working directory of the host into the container's
/workspace. Defaults to read-only (ro) mode, but can be configured as read-write via the-rwflag on the runner script. - State Persistence: Maintains
opencodestate and configurations locally using host-mounted volumes (state/,opencode.jsonc,opencode.gitignore) ensuring history and settings persist across container executions.
A Makefile is provided to build the container image and install the runner script.
make installThis will:
- Build the Podman image
opencode-sandboxusing theContainerfile. - Create the necessary
statedirectory. - Create a system symlink from
runner.shto/usr/local/bin/opencode(requires sudo).
Once installed, you can use the opencode command globally. It will execute within the Podman container, mounting your current directory.
# Run opencode with read-only access to the current directory
opencode
# Run opencode with read-write access to the current directory
opencode -rw [args...]