ond.AU
(c) 2025

PLAYGROUND

Sandbox creator and manager that creates safe environments to run Code, Scripts and Applications.

Process isolation, env scrub, workdir lock, limits, network toggle.
Run in sandbox
Uses firejail/sandbox-exec when present.
Docker Container Manager (local, offline)
Adds: host:container/tcp
Pull requires internet. Offline use: Import Image.
QEMU VM Manager (local, offline)
Short ID used to start/stop the VM (e.g., ubuntu-vm).
Recommended: 4096 for Ubuntu desktop. Minimum 2048.
Recommended: 2 or 4. More cores = faster install.
Where Ubuntu is installed. Example: data\vms\ubuntu.qcow2.
Recommended: 40-60 GB for Ubuntu desktop.
Ubuntu ISO path, e.g. C:\Users\camea\Downloads\ubuntu-22.04.5-desktop-amd64.iso.
When checked, the last ISO path is reused automatically.
Leave blank for Ubuntu desktop. Use only for web apps.
Sets: tcp::host-:guest
SDL is easiest for installs. Headless is advanced.
Display opens in a separate window when using SDL/Spice.
Sandbox tutorial (how and why)

What is a sandbox?

A sandbox is a controlled environment for running apps and commands with limits. It helps reduce risk by containing files, limiting resources, and keeping behavior predictable.

Why use it?

Use sandboxes to test tools, scripts, or apps safely. You can lock the working directory, scrub the environment, and set CPU/memory/time limits.

Quick start

  1. Click New Sandbox and set a working directory.
  2. Set limits and network preference.
  3. Click Test Sandbox to run a safe echo.

Key concepts

  • Workdir lock keeps runs inside the folder you choose.
  • Env scrub removes sensitive environment variables.
  • Limits cap time and memory (CPU is advisory).
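
A minimal Node.js sketch of the three concepts above, added here as an illustration and not the tool's own code. The function names (scrubEnv, resolveInWorkdir, runLimited) and the allowlist contents are assumptions.

```javascript
// Added example, not the tool's own code; all names here are hypothetical.
const path = require('node:path');
const { spawnSync } = require('node:child_process');

// Env scrub as an allowlist: anything not named here (tokens, cloud keys,
// proxy credentials) never reaches the child process.
const ENV_ALLOWLIST = ['PATH', 'HOME', 'LANG', 'TMPDIR', 'TEMP', 'TMP', 'SystemRoot'];

function scrubEnv(env, allow = ENV_ALLOWLIST) {
  const clean = {};
  for (const name of allow) {
    if (env[name] !== undefined) clean[name] = env[name];
  }
  return clean;
}

// Workdir lock for paths the runner itself handles. The check is lexical:
// it stops "../" and absolute paths but does not follow symlinks, and it
// does not confine what the child opens on its own (that needs OS hardening).
function resolveInWorkdir(workdir, target) {
  const root = path.resolve(workdir);
  const full = path.resolve(root, target);
  const rel = path.relative(root, full);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new Error(`path escapes workdir: ${target}`);
  }
  return full;
}

// Time and output limits. No shell is used, so args are passed as-is.
// A memory cap is not shown: it needs OS support (ulimit, Job Objects).
function runLimited(command, args, opts) {
  const { workdir, env = process.env, timeoutMs = 5000, maxOutputBytes = 1 << 20 } = opts;
  const res = spawnSync(command, args, {
    cwd: resolveInWorkdir(workdir, '.'),
    env: scrubEnv(env),
    timeout: timeoutMs,        // child is killed when this elapses
    maxBuffer: maxOutputBytes, // child is killed if output exceeds this
    shell: false,
    encoding: 'utf8',
  });
  return {
    status: res.status,
    stdout: res.stdout,
    timedOut: Boolean(res.error && res.error.code === 'ETIMEDOUT'),
    truncated: Boolean(res.error && res.error.code === 'ENOBUFS'),
  };
}
```

The relative-path test rejects a sibling directory such as `../box-evil`, which a plain string-prefix comparison against the workdir would let through.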

Hardening (optional)

Enable OS hardening to use stronger isolation when supported. On Windows it uses Job Objects; on Linux/macOS it uses firejail or sandbox-exec if installed.

Example app: OND.AU Text Editor

Coming soon. This will be a small text editor used as a safe demo app in the sandbox runner. For now, use the Test Sandbox button.

Placeholder command: echo ond.au editor

Container tutorial + controls (Docker)

How it works

This manager talks to your local Docker Engine using the open-source Docker CLI. It does not pull images from the internet unless you run docker pull yourself.

Required

Install Docker Engine (Community) and ensure docker.exe is in PATH. Containers run locally and offline.

Controls

  • Create container (docker create)
  • Start/Stop container (docker start/stop)
  • Delete container (docker rm)
  • Rename (docker rename)
  • Logs (docker logs)
  • Exec (docker exec)
  • Attach (read-only logs)
  • Compose up/down (docker compose)
  • Import/Export images (docker load/save)
  • List images and containers
  • Ports, env vars, volumes, limits

Command reference

docker images, docker ps -a, docker create, docker start, docker stop, docker rm, docker rename, docker logs, docker exec, docker compose, docker load, docker save

Licensing

This tool uses Docker Engine (Community) / Moby and the Docker CLI, which are open source. No proprietary online services are required.

Roadmap

Baseline isolation

Process isolation, env scrub, workdir lock, time and memory limits, optional network off.

OS hardening later

Linux: bubblewrap/firejail. macOS: sandbox-exec. Windows: Job Objects/AppContainer.

Run API

runCommandInSandbox(id, command, args, options) -> stream output to UI.