
v0.8.1


@ggoodman ggoodman released this 12 Jun 16:05
a9a01a7

This release makes writable sandboxes more predictable and improves compatibility with Docker-style networking inside the VM.

Highlights

  • Writable root filesystems now have explicit behavior. Use rootfs.ephemeral() when you want disposable guest changes, and use a persistent writable rootfs when those changes should survive across runs.
  • Docker's bridge networking startup path now has the kernel support it expects for common NAT and xtables rules, including addrtype, conntrack, comment, and masquerade matches.
  • The release build now verifies embedded kernel artifacts before packaging, so locally built and published packages are less likely to carry stale guest kernels after a libkrunfw update.
  • The vendored libkrun and libkrunfw forks have been refreshed to the current sandbox fork points.

Running Docker Successfully

For short-lived Docker work, start from an ephemeral rootfs with enough dirty capacity for /var/lib/docker, pulled image layers, package installs, and logs. If the writable budget is too small, Docker may start correctly but fail later while unpacking layers or creating containers.

If you need Docker state to survive between sandbox runs, use a persistent writable rootfs instead of rootfs.ephemeral().

When starting dockerd manually inside the guest, make sure the rootfs is writable and that the guest has the tools you expect in PATH. The built-in Alpine rootfs is intended to support common interactive and automation workflows, but daemon lifecycle is still your responsibility when you do not run it through an init/service manager.
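As an added example (not code from @torkbot/sandbox or its Alpine rootfs), a guest-side preflight script for the manual dockerd case described above: it checks that the rootfs is writable with headroom under /var/lib/docker, that the xtables matches Docker's bridge setup expects are available, and that the tools you rely on resolve in PATH. The paths and the 512 MiB threshold are assumptions; adjust them for your sandbox.

```sh
#!/bin/sh
# Added preflight for starting dockerd by hand inside the guest (not project code).
# Checks the conditions the release notes call out before the daemon is launched.
# Assumed defaults; override via environment when your layout differs.
DOCKER_ROOT="${DOCKER_ROOT:-/var/lib/docker}"
XT_MATCHES="${XT_MATCHES:-/proc/net/ip_tables_matches}"   # one match name per line
MIN_FREE_MB="${MIN_FREE_MB:-512}"

# rootfs_writable DIR: succeed only if a file can actually be created under DIR.
rootfs_writable() {
  mkdir -p "$1" 2>/dev/null || return 1
  probe="$1/.preflight.$$"
  ( : > "$probe" ) 2>/dev/null || return 1
  rm -f "$probe"
}

# free_mb DIR: print the free space of the filesystem holding DIR, in MiB.
free_mb() {
  df -Pk "$1" | awk 'NR == 2 { printf "%d\n", $4 / 1024 }'
}

# missing_matches FILE NAME...: print the NAMEs not listed in FILE (empty if none).
missing_matches() {
  file="$1"; shift
  for name in "$@"; do
    grep -qx "$name" "$file" 2>/dev/null || printf '%s ' "$name"
  done
  echo
}

# missing_tools NAME...: print the NAMEs that do not resolve via PATH (empty if none).
missing_tools() {
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || printf '%s ' "$tool"
  done
  echo
}

# preflight: run every check, report the first failure; exit 0 means dockerd can start.
preflight() {
  rootfs_writable "$DOCKER_ROOT" || { echo "rootfs is not writable at $DOCKER_ROOT"; return 1; }
  free="$(free_mb "$DOCKER_ROOT")"
  [ "$free" -ge "$MIN_FREE_MB" ] || { echo "only ${free} MiB free; layer unpacking may fail later"; return 1; }
  miss="$(missing_matches "$XT_MATCHES" addrtype conntrack comment)"
  [ -z "$miss" ] || { echo "kernel lacks xtables matches: $miss"; return 1; }
  miss="$(missing_tools dockerd iptables)"
  [ -z "$miss" ] || { echo "not in PATH: $miss"; return 1; }
  echo "preflight ok"
}
```

Source the file in the guest shell and call `preflight` before launching dockerd; a non-zero status tells you which of the conditions above is not met.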

Notes

This release does not change the public package split: @torkbot/sandbox continues to install the platform-specific host artifact as an optional dependency.