Volumes - microsandbox

Volumes give a sandbox direct filesystem access to host-side storage or in-memory filesystems. They’re useful for persisting data across restarts, sharing data between sandboxes, or mounting host data into the guest. They’re also significantly faster than the filesystem API (which transfers files individually), so for anything beyond ad-hoc reads and writes, volumes are the way to go. microsandbox supports four types of mounts: bind mounts, named volumes, tmpfs, and disk-image volumes. Mounts use normal Linux behavior by default: writable, executable, suid-enabled, and device-enabled. Adjust with:

readonly / ro when the guest should not write to the mount.
noexec when files on the mount should not be executed directly.
nosuid when setuid/setgid bits should be ignored.
nodev when device files should be ignored.

noexec does not stop interpreters from reading scripts from the mount, for example sh /app/src/script.sh. For stronger in-guest hardening, create the sandbox with the restricted security profile. Restricted sandboxes set no_new_privs, drop mount-admin capability from user commands, and force nosuid,nodev on user mounts. This profile is incompatible with workloads such as sudo and Docker-in-Docker. CLI mount flags use SOURCE:DEST[:OPTIONS]. The : before OPTIONS starts the option block, and commas separate options inside that block.

Flag	Source	Options
`--mount-dir`	Host directory	`ro`, `rw`, `noexec`, `nosuid`, `nodev`, `stat-virt=strict\|relaxed\|off`, `host-perms=private\|mirror`
`--mount-file`	Host file	`ro`, `rw`, `noexec`, `nosuid`, `nodev`, `stat-virt=strict\|relaxed\|off`, `host-perms=private\|mirror`
`--mount-named`	Named volume	`ro`, `rw`, `noexec`, `nosuid`, `nodev`, `kind=dir\|disk`, `size=<size>` for `kind=disk`, `quota=<size>` for directory volumes; directory-backed named volumes also support `stat-virt=strict\|relaxed\|off`, `host-perms=private\|mirror`
`--mount-disk`	Host disk image	`ro`, `rw`, `noexec`, `nosuid`, `nodev`, `format=raw\|qcow2\|vmdk`, `fstype=<type>`
`--tmpfs`	Guest path	`ro`, `rw`, `noexec`, `nosuid`, `nodev`; size may be passed as `PATH:SIZE[:OPTIONS]`

Bind mounts

Mount a directory from the host directly into the sandbox. Changes inside the sandbox are reflected on the host, and vice versa.

let sb = Sandbox::builder("dev")
    .image("python")
    .volume("/app/src", |v| v.bind("./src").readonly().noexec())
    .volume("/app/data", |v| v.bind("./data"))
    .create()
    .await?;

Use --mount-file when you want to bind one host file instead of an entire directory.

msb create alpine --name config-reader \
  --mount-file ./config.toml:/etc/app/config.toml:ro,nodev

Named volumes

microsandbox manages named volumes and stores them by default under ~/.microsandbox/volumes/<name>/. They persist independently of any sandbox, so you can create a volume, populate it, and mount it into different sandboxes over time. Named volumes can be directory-backed or disk-backed. Directory volumes mount through virtiofs. Disk volumes are raw ext4 disk images managed by microsandbox and mount through virtio-blk. CLI named mounts are idempotent. -v name:/path and --mount-named name:/path create a directory-backed named volume if it does not already exist, then mount it. If the volume already exists, microsandbox reuses it when the requested storage settings are compatible and errors when they are not. Use --mount-named name:/path:kind=disk,size=20G to create or reuse a disk-backed named volume from the mount flag itself. SDK named(...) mount helpers are existing-only. They fail if the named volume does not already exist. Use each SDK’s explicit named-volume mode API when you want sandbox creation to create or ensure the volume.

Create a volume

let cache = Volume::builder("pip-cache")
    .create()
    .await?;

Create a disk-backed named volume when a workload needs a real guest block filesystem, such as Docker’s data root:

let docker_data = Volume::builder("docker-data")
    .disk()
    .size(20.gib())
    .create()
    .await?;

Mount in a sandbox

let sb = Sandbox::builder("worker")
    .image("python")
    .volume("/root/.cache/pip", |v| v.named(cache.name()))
    .create()
    .await?;

The CLI command above creates pip-cache as a directory-backed named volume if it is missing. To create or reuse a disk-backed named volume while mounting it:

msb create docker:dind --name docker-demo \
  --mount-named docker-data:/var/lib/docker:kind=disk,size=20G

Mount the same directory-backed named volume into multiple sandboxes when they need to share files. Use readonly on consumers that should not write. Disk-backed named volumes are attached as block devices; use one writable sandbox at a time, or read-only mounts where sharing is intended. Directory-backed named volumes are also accessible from the host without a running sandbox, so you can pre-populate a cache or inspect output after the sandbox stops. Disk-backed named volumes store guest data inside disk.raw; host filesystem helpers operate on the managed volume directory, not the filesystem inside the disk image.

Manage volumes

let volumes = Volume::list().await?;
Volume::remove("old-cache").await?;

Disk-image volumes

Disk-image volumes attach a host disk image as a virtio-blk device and mount its inner filesystem at a guest path. Use them when you want persistent state isolated from ordinary host filesystem metadata, or when distributing a prebuilt filesystem image. The disk format defaults from the file extension (.qcow2, .raw, .vmdk; otherwise raw), and the inner filesystem type is auto-detected unless you set fstype.

let sb = Sandbox::builder("seeded")
    .image("alpine")
    .volume("/seed", |v| v.disk("./seed.raw").readonly().noexec())
    .create()
    .await?;

Tmpfs

An in-memory filesystem that disappears when the sandbox stops. Useful for scratch space, build artifacts, or anything that doesn’t need to outlive the sandbox.

let sb = Sandbox::builder("worker")
    .image("alpine")
    .volume("/tmp/scratch", |v| v.tmpfs().size(100).noexec())
    .create()
    .await?;

Combining mounts

Mount flags may be repeated, so a sandbox can combine host directories, individual files, named volumes, disk images, and tmpfs scratch space.

let sb = Sandbox::builder("full")
    .image("python")
    .volume("/app/src", |v| v.bind("./src").readonly().noexec())
    .volume("/app/pyproject.toml", |v| v.bind("./pyproject.toml").readonly())
    .volume("/root/.cache/pip", |v| {
        v.named("pip-cache")
            .stat_virtualization(StatVirtualization::Relaxed)
    })
    .volume("/dataset", |v| {
        v.disk("./dataset.qcow2")
            .format(DiskImageFormat::Qcow2)
            .fstype("ext4")
            .readonly()
    })
    .volume("/tmp", |v| v.tmpfs().size(1024).noexec().nosuid().nodev())
    .create()
    .await?;

​Bind mounts

​Named volumes

​Create a volume

​Mount in a sandbox

​Sharing and host-side access

​Manage volumes

​Disk-image volumes

​Tmpfs

​Combining mounts