github/OpenHands
1
1
Fork 0
mirror of https://github.com/All-Hands-AI/OpenHands.git synced 2026-01-09 14:57:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

Update docs on why we use sandbox user (#7845)

Browse Source
This commit is contained in:
mamoodi
2025-04-14 11:01:35 -04:00
committed by GitHub
parent 1ff351a4f1
commit d820661592
5 changed files with 24 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/modules/usage/how-to/cli-mode.md
View File

@@ -50,3 +50,6 @@ docker run -it \
```
This command will start an interactive session in Docker where you can input tasks and receive responses from OpenHands.
The `-e SANDBOX_USER_ID=$(id -u)` is passed to the Docker command to ensure the sandbox user matches the host users
permissions. This prevents the agent from creating root-owned files in the mounted workspace.

3
docs/modules/usage/how-to/headless-mode.md
View File

@@ -47,6 +47,9 @@ docker run -it \
python -m openhands.core.main -t "write a bash script that prints hi"
```
The `-e SANDBOX_USER_ID=$(id -u)` is passed to the Docker command to ensure the sandbox user matches the host users
permissions. This prevents the agent from creating root-owned files in the mounted workspace.
## Advanced Headless Configurations
To view all available configuration options for headless mode, run the Python command with the `--help` flag.

4
docs/modules/usage/runtimes/docker.md
View File

@@ -35,8 +35,8 @@ A useful feature is the ability to connect to your local filesystem. To mount yo
Be careful! There's nothing stopping the OpenHands agent from deleting or modifying
any files that are mounted into its workspace.
This setup can cause some issues with file permissions (hence the `SANDBOX_USER_ID` variable)
but seems to work well on most systems.
The `-e SANDBOX_USER_ID=$(id -u)` is passed to the Docker command to ensure the sandbox user matches the host users
permissions. This prevents the agent from creating root-owned files in the mounted workspace.
## Hardened Docker Installation

15
docs/modules/usage/troubleshooting/troubleshooting.md
View File

@@ -20,3 +20,18 @@ Try these in order:
* If using Docker Desktop, ensure `Settings > Advanced > Allow the default Docker socket to be used` is enabled.
* Depending on your configuration you may need `Settings > Resources > Network > Enable host networking` enabled in Docker Desktop.
* Reinstall Docker Desktop.
### Permission Error
**Description**
On initial prompt, an error is seen with `Permission Denied` or `PermissionError`.
**Resolution**
* Check if the `~/.openhands-state` is owned by `root`. If so, you can:
* Change the directory's ownership: `sudo chown <user>:<user> ~/.openhands-state`.
* or update permissions on the directory: `sudo chmod 777 ~/.openhands-state`
* or delete it if you dont need previous data. OpenHands will recreate it. You'll need to re-enter LLM settings.
* If mounting a local directory, ensure your `WORKSPACE_BASE` has the necessary permissions for the user running
OpenHands.