Agent Sandboxing Deep Dive: Isolating Tool Execution with Docker
How OpenClaw's sandbox system works — from rootless containers to per-agent profiles, tool policies, and browser isolation.
Tags: security, sandbox, docker, isolation
Category: tutorial
Frequently Asked Questions
Do I need Docker installed to use OpenClaw?
No, Docker is optional. OpenClaw works fine without it — tool execution just happens directly on your host machine. Docker sandboxing adds an isolation layer for security, which is important if you're running untrusted code or sharing your agent with others.
What does the sandbox actually isolate?
The sandbox isolates exec tool calls (shell commands), browser sessions, and file system access. Each execution runs in a temporary container with limited permissions, no network access by default, and no access to your host files unless explicitly mounted.
Can the agent break out of the sandbox?
OpenClaw uses rootless Docker containers with strict seccomp profiles and no privileged capabilities. While no sandbox is 100% escape-proof, this setup makes breakout extremely difficult. The tool policy system adds another layer by restricting which commands can run at all.
How do tool policies work alongside sandboxing?
Tool policies define what actions the agent can take — which tools are available, what commands are allowed in exec, and whether elevated permissions are permitted. They work as a whitelist on top of sandboxing: even inside a sandbox, only policy-approved actions execute.
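The layering described in the last two answers, as an added example that is not OpenClaw's own code: an exec request is checked against a command allowlist first, and only an approved command is wrapped in a locked-down `docker run` invocation. The policy dictionary, image name and seccomp profile path are hypothetical placeholders; the flags are standard `docker run` options, not OpenClaw's actual settings.

```python
import shlex

# Hypothetical policy shape (an assumption, not OpenClaw's schema).
POLICY = {
    "allowed_commands": {"ls", "cat", "grep", "python3"},
    "allow_network": False,   # no network unless the policy opts in
    "mounts": [],             # (host_path, container_path), mounted read-only
}

# Conservative: reject anything a shell would interpret, even though the
# command is later passed as an argv list and never handed to a shell.
SHELL_METACHARS = set(";&|`$<>(){}\n")


class PolicyViolation(Exception):
    """Raised when a requested exec call is not permitted by the policy."""


def check_policy(command, policy):
    """Return the parsed argv if the policy allows it, else raise."""
    if any(ch in SHELL_METACHARS for ch in command):
        raise PolicyViolation("shell metacharacters are not allowed")
    try:
        argv = shlex.split(command)
    except ValueError as exc:  # e.g. unbalanced quotes
        raise PolicyViolation(f"unparseable command: {exc}")
    if not argv:
        raise PolicyViolation("empty command")
    # Exact match on argv[0]: "/bin/ls" or "./ls" do not match "ls".
    if argv[0] not in policy["allowed_commands"]:
        raise PolicyViolation(f"command not in allowlist: {argv[0]}")
    return argv


def docker_argv(command, policy, image="sandbox-image:placeholder",
                seccomp="seccomp-profile.json"):
    """Build a docker run argv for an allowed command; raise otherwise."""
    argv = check_policy(command, policy)  # policy gate runs before Docker
    args = ["docker", "run", "--rm",                 # temporary container
            "--cap-drop", "ALL",                     # no capabilities
            "--security-opt", "no-new-privileges",
            "--security-opt", f"seccomp={seccomp}",  # custom seccomp profile
            "--read-only"]                           # read-only root fs
    if not policy["allow_network"]:
        args += ["--network", "none"]
    for host_path, container_path in policy["mounts"]:
        args += ["--volume", f"{host_path}:{container_path}:ro"]
    return args + [image] + argv
```

The returned list is meant to be passed to a process launcher as an argv array, so the approved command is never re-parsed by a host shell.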