Describe the bug
https://github.blog/changelog/2026-06-02-cloud-and-local-sandboxes-for-github-copilot-now-in-public-preview/
Inside any Copilot session, enable sandboxing with /sandbox enable. Shell command execution initiated by Copilot for that session runs with restricted access to your filesystem, network, and system capabilities, so you can experiment with agentic workflows while staying in control of what Copilot can touch on your machine. Local sandboxing is built on Microsoft MXC technology for a consistent isolation experience across macOS, Linux, and Windows. Enterprise teams can also centrally configure and enforce local sandbox policies through Microsoft Intune and other MDM platforms. Local sandboxes are included in the standard GitHub Copilot seat.
While per my experiment on Linux, it doesn't work at all.
I start copilot from /tmp, then /sandbox enable. I simply prepare a shell script, which contains one line to cat a file under my home directory:
╭─╮╭─╮
╰─╯╰─╯ Copilot v1.0.59 uses AI.
█ ▘▝ █ Check for mistakes.
▔▔▔▔
● No copilot-instructions.md found. Run /init to generate.
● Tip: /allow-all
└ Enable all permissions (tools, paths, and URLs)
● Sandboxing has been enabled.
❯ Run /tmp/a.sh
● Run /tmp/a.sh (sandboxed shell)
│ bash /tmp/a.sh
└ 2 lines...
◐ Let me run the script.
● Script ran successfully, outputting hello.
❯ cat /tmp/a.sh
#!/bin/bash
cat ~/hello.txt
What I expect is the script run shall fail as the child process should inherit the sandbox access, which doesn't include the user's home directory.
Affected version
No response
Steps to reproduce the behavior
No response
Expected behavior
No response
Additional context
No response
Describe the bug
https://github.blog/changelog/2026-06-02-cloud-and-local-sandboxes-for-github-copilot-now-in-public-preview/
While per my experiment on Linux, it doesn't work at all.
I start copilot from
/tmp, then/sandbox enable. I simply prepare a shell script, which contains one line to cat a file under my home directory:What I expect is the script run shall fail as the child process should inherit the sandbox access, which doesn't include the user's home directory.
Affected version
No response
Steps to reproduce the behavior
No response
Expected behavior
No response
Additional context
No response