docs: Add instructions for running Docker without socket mount#227
Closed
docs: Add instructions for running Docker without socket mount#227
Conversation
Add documentation for running OpenHands in Docker without mounting the Docker socket by using the Local/Process Runtime (RUNTIME=local). This addresses issue #1563 in OpenHands/OpenHands which requested a way to run OpenHands without granting access to the Docker socket. Changes: - local-setup.mdx: Add Option 3 for Docker without socket - local.mdx: Update prerequisites and add section for running inside Docker Co-authored-by: openhands <openhands@all-hands.dev>
Also reorganize the 'Docker Without Socket' section to show both options: - Process Runtime (local execution, no sandbox isolation) - Remote Runtime (cloud execution, full sandbox isolation) Co-authored-by: openhands <openhands@all-hands.dev>
2 tasks
- Update overview.mdx to frame options as sandbox types (Docker sandbox, cloud, no sandbox) - Simplify local-setup.mdx to point to Runtimes docs for alternative sandbox options - Update local.mdx to clarify tmux requirement and Docker image limitations - Use consistent terminology: 'sandbox' instead of 'Docker socket' Co-authored-by: openhands <openhands@all-hands.dev>
- Add note explaining Docker socket requirement and alternatives - Add section about Apptainer as a potential community contribution - Apptainer can provide sandboxed execution without daemon socket exposure Co-authored-by: openhands <openhands@all-hands.dev>
The OpenHands SDK already has ApptainerWorkspace - link to it instead of suggesting it as a future contribution. Co-authored-by: openhands <openhands@all-hands.dev>
- Docker sandbox: DockerWorkspace example - Cloud sandbox: OpenHandsCloudWorkspace example - Local (no sandbox): agent server CLI and Workspace example - Apptainer sandbox: ApptainerWorkspace example All commands verified to work with the software-agent-sdk. Co-authored-by: openhands <openhands@all-hands.dev>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR adds documentation for running OpenHands in Docker without mounting the Docker socket by using the Local/Process Runtime (
RUNTIME=local).This addresses issue #1563 in OpenHands/OpenHands which requested a way to run OpenHands without granting access to the Docker socket for security reasons.
Changes
openhands/usage/run-openhands/local-setup.mdxRUNTIME=localopenhands/usage/runtimes/local.mdxRUNTIME=localRelated Issues
Testing
Documentation changes only - no code changes to test.
@neubig can click here to continue refining the PR