pkg/sbx: Add docker-sbx packaging support

.github/CODEOWNERS

@@ -6,4 +6,4 @@ pkg/cagent/*         @docker/ai-agent-team
 pkg/containerd/*     @docker/engine
 pkg/docker-cli/*     @docker/engine
 pkg/docker-engine/*  @docker/engine
-
+pkg/sbx/*            @docker/coding-agent-sandboxes

.github/labeler.yml

@@ -45,3 +45,6 @@ area/pkg/model:
   - changed-files:
     - any-glob-to-any-file: 'pkg/model/**'
 
+area/pkg/sbx:
+  - changed-files:
+    - any-glob-to-any-file: 'pkg/sbx/**'

docker-bake.hcl

@@ -52,7 +52,8 @@ variable "PKGS" {
     "docker-cli",
     "docker-engine",
     "model",
-    "cagent"
+    "cagent",
+    "sbx"
   ]
 }
 
@@ -167,6 +168,31 @@ variable "BUILD_CACHE_REGISTRY_PUSH" {
   default = ""
 }
 
+variable "SBX_SRC" {
+  description = "Path to the sbx source repo checkout. The binary is built by its own Dockerfile."
+  default = "./sandboxes-src"
+}
+
+variable "RUNTIME_SRC" {
+  description = "Path to a directory containing pre-built runtime binaries. Use scripts/fetch-runtime-binaries.sh to populate it."
+  default = "./runtime-bin"
+}
+
+variable "EROFS_UTILS_REPO" {
+  description = "Repository URL for erofs-utils source."
+  default = "https://github.com/erofs/erofs-utils.git"
+}
+
+variable "EROFS_UTILS_VERSION" {
+  description = "Git tag of erofs-utils to build mkfs.erofs from."
+  default = "v1.9.1"
+}
+
+variable "VERSION" {
+  description = "Version of the package to build. Used by sbx; other packages derive this from PKG_REF."
+  default = null
+}
+
 #
 # distros configurations
 #
@@ -586,6 +612,34 @@ target "_pkg-cagent" {
   }
 }
 
+# sbx binary is built by its own Dockerfile.
+target "sbx-binaries" {
+  context = SBX_SRC
+  target = "binaries"
+  platforms = pkgPlatforms("sbx")
+  args = {
+    VERSION = VERSION
+  }
+  secret = ["type=env,id=GITHUB_TOKEN,env=GITHUB_TOKEN"]
+  ssh = ["default"]
+}
+
+target "_pkg-sbx" {
+  args = {
+    PKG_NAME = PKG_NAME != null && PKG_NAME != "" ? PKG_NAME : "docker-sbx"
+    PKG_REPO = PKG_REPO != null && PKG_REPO != "" ? PKG_REPO : "https://github.com/docker/sandboxes.git"
+    PKG_REF = PKG_REF != null && PKG_REF != "" ? PKG_REF : "main"
+    PKG_DEB_EPOCH = PKG_DEB_EPOCH != null && PKG_DEB_EPOCH != "" ? PKG_DEB_EPOCH : ""
+    VERSION = VERSION != null && VERSION != "" ? VERSION : PKG_REF
+    EROFS_UTILS_REPO = EROFS_UTILS_REPO
+    EROFS_UTILS_VERSION = EROFS_UTILS_VERSION
+  }
+  contexts = {
+    sbx-src = "target:sbx-binaries"
+    runtime-src = RUNTIME_SRC
+  }
+}
+
 # Returns the list of supported platforms for a given package.
 function "pkgPlatforms" {
   params = [pkg]
@@ -607,6 +661,8 @@ function "pkgPlatforms" {
     model = ["darwin/amd64", "darwin/arm64", "linux/amd64", "linux/arm64", "linux/arm/v7", "windows/amd64", "windows/arm64"]
     # https://github.com/docker/cagent/blob/1a83a28df2b0769e8cb14d54ac409bdbb98e254c/Taskfile.yml#L66
     cagent = ["darwin/amd64", "linux/arm/v7", "darwin/arm64", "linux/amd64", "linux/arm64", "windows/amd64", "windows/arm64"]
+    # https://github.com/docker/sandboxes/blob/main/docker-bake.hcl
+    sbx = ["linux/amd64"]
   }, pkg, [])
 }
 

pkg/sbx/Dockerfile

@@ -0,0 +1,141 @@
+# syntax=docker/dockerfile:1
+
+# Copyright 2026 Docker Packaging authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG XX_VERSION="1.9.0"
+
+ARG DISTRO_NAME="debian12"
+ARG DISTRO_TYPE="deb"
+ARG DISTRO_RELEASE="debian"
+ARG DISTRO_SUITE="bookworm"
+ARG DISTRO_ID="12"
+ARG DISTRO_IMAGE="debian:bookworm"
+
+ARG PKG_NAME="docker-sbx"
+ARG VERSION
+
+ARG EROFS_UTILS_REPO="https://github.com/erofs/erofs-utils.git"
+ARG EROFS_UTILS_VERSION="v1.9.1"
+
+# stage used as named context that mounts hack/scripts
+# see pkg target in docker-bake.hcl
+FROM scratch AS scripts
+
+# cross compilation helper
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
+
+# Pre-built binary from the sbx repo's own Dockerfile (binaries target).
+# Overridden via named context in docker-bake.hcl.
+FROM scratch AS sbx-src
+
+# Pre-built runtime binaries fetched by scripts/fetch-runtime-binaries.sh.
+# Overridden via named context in docker-bake.hcl.
+FROM scratch AS runtime-src
+
+# Clone erofs-utils source for building inside each distro-specific builder.
+FROM --platform=$BUILDPLATFORM debian:bookworm-slim AS erofs-src
+RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates git
+ARG EROFS_UTILS_REPO
+ARG EROFS_UTILS_VERSION
+RUN git clone --depth 1 --branch "${EROFS_UTILS_VERSION}" "${EROFS_UTILS_REPO}" /src/erofs-utils
+
+# deb
+FROM ${DISTRO_IMAGE} AS builder-deb
+COPY --from=xx / /
+ARG DISTRO_NAME
+RUN apt-get update && apt-get install -y --no-install-recommends apt-utils bash ca-certificates devscripts equivs
+COPY deb /root/package/debian
+COPY THIRD-PARTY-NOTICES /root/package/THIRD-PARTY-NOTICES
+ARG TARGETPLATFORM
+RUN mk-build-deps -t "xx-apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" -i /root/package/debian/control
+WORKDIR /root/package
+ARG NIGHTLY_BUILD
+ARG VERSION
+ARG DISTRO_RELEASE
+ARG DISTRO_ID
+ARG DISTRO_SUITE
+ARG PKG_NAME
+ARG PKG_PACKAGER
+ARG PKG_DEB_BUILDFLAGS
+ARG PKG_DEB_REVISION
+ARG PKG_DEB_EPOCH
+ARG SOURCE_DATE_EPOCH
+RUN --mount=type=bind,source=scripts/pkg-deb-build.sh,target=/usr/local/bin/pkg-deb-build \
+    --mount=type=bind,source=scripts/build-erofs.sh,target=/usr/local/bin/build-erofs \
+    --mount=type=bind,from=scripts,source=gen-deb-changelog.sh,target=/usr/local/bin/gen-deb-changelog \
+    --mount=type=bind,from=scripts,source=fix-cc.sh,target=/usr/local/bin/fix-cc \
+    --mount=type=bind,from=sbx-src,target=/opt/sbx-bin \
+    --mount=type=bind,from=runtime-src,target=/opt/runtime-bin \
+    --mount=type=bind,from=erofs-src,source=/src/erofs-utils,target=/opt/erofs-src \
+    --mount=type=bind,source=apparmor,target=/opt/apparmor \
+    --mount=type=bind,source=licenses,target=/opt/licenses \
+    OUTDIR=/out pkg-deb-build
+
+# rpm
+FROM ${DISTRO_IMAGE} AS builder-rpm
+COPY --from=xx / /
+ARG DISTRO_NAME
+RUN --mount=type=bind,from=scripts,source=rpm-init.sh,target=/usr/local/bin/rpm-init \
+  rpm-init $DISTRO_NAME
+COPY rpm /root/rpmbuild/SPECS
+ARG TARGETPLATFORM
+RUN --mount=type=bind,from=scripts,source=rpm-builddep.sh,target=/usr/local/bin/rpm-builddep \
+  rpm-builddep $(xx-info rhel-arch) /root/rpmbuild/SPECS
+WORKDIR /root/rpmbuild
+ARG NIGHTLY_BUILD
+ARG VERSION
+ARG DISTRO_RELEASE
+ARG DISTRO_ID
+ARG DISTRO_SUITE
+ARG PKG_NAME
+ARG PKG_PACKAGER
+ARG PKG_RPM_BUILDFLAGS
+ARG PKG_RPM_RELEASE
+ARG SOURCE_DATE_EPOCH
+RUN --mount=type=bind,source=scripts/pkg-rpm-build.sh,target=/usr/local/bin/pkg-rpm-build \
+    --mount=type=bind,source=scripts/build-erofs.sh,target=/usr/local/bin/build-erofs \
+    --mount=type=bind,from=scripts,source=fix-cc.sh,target=/usr/local/bin/fix-cc \
+    --mount=type=bind,from=sbx-src,target=/opt/sbx-bin \
+    --mount=type=bind,from=runtime-src,target=/opt/runtime-bin \
+    --mount=type=bind,from=erofs-src,source=/src/erofs-utils,target=/opt/erofs-src \
+    --mount=type=bind,source=apparmor,target=/opt/apparmor \
+    --mount=type=bind,source=THIRD-PARTY-NOTICES,target=/opt/notices/THIRD-PARTY-NOTICES \
+    --mount=type=bind,source=licenses,target=/opt/licenses \
+    OUTDIR=/out pkg-rpm-build
+
+# static
+FROM --platform=$BUILDPLATFORM ${DISTRO_IMAGE} AS builder-static
+COPY --from=xx / /
+RUN apt-get update && apt-get install -y --no-install-recommends bash ca-certificates file zip tar
+ARG PKG_NAME
+ARG VERSION
+ARG NIGHTLY_BUILD
+WORKDIR /build
+ARG TARGETPLATFORM
+RUN --mount=type=bind,source=scripts/pkg-static-build.sh,target=/usr/local/bin/pkg-static-build \
+    --mount=type=bind,source=scripts/build-erofs.sh,target=/usr/local/bin/build-erofs \
+    --mount=type=bind,from=scripts,source=fix-cc.sh,target=/usr/local/bin/fix-cc \
+    --mount=type=bind,from=sbx-src,target=/opt/sbx-bin \
+    --mount=type=bind,from=runtime-src,target=/opt/runtime-bin \
+    --mount=type=bind,from=erofs-src,source=/src/erofs-utils,target=/opt/erofs-src \
+    --mount=type=bind,source=THIRD-PARTY-NOTICES,target=/opt/notices/THIRD-PARTY-NOTICES \
+    --mount=type=bind,source=licenses,target=/opt/licenses \
+    OUTDIR=/out BUILDDIR=/build pkg-static-build
+
+FROM builder-${DISTRO_TYPE} AS build-pkg
+ARG BUILDKIT_SBOM_SCAN_STAGE=true
+
+FROM scratch AS pkg
+COPY --from=build-pkg /out /

pkg/sbx/THIRD-PARTY-NOTICES

@@ -0,0 +1,99 @@
+This file lists the third-party components bundled in the docker-sbx package,
+their copyright holders, and their licenses.
+
+Docker, Inc. offers to provide the complete corresponding source code for
+any GPL-licensed component listed below, for a period of at least three
+years from the date of distribution. To obtain source code, contact
+open-source@docker.com or visit the upstream repositories listed below.
+
+--------------------------------------------------------------------------------
+
+Component: Linux kernel (nerdbox-kernel)
+License: GPL-2.0-only
+Source: https://github.com/torvalds/linux
+Patches: https://github.com/containerd/nerdbox/tree/main/kernel/patches
+SPDX-License-Identifier: GPL-2.0-only
+
+  Copyright (C) Linus Torvalds and Linux kernel contributors.
+
+  This program is free software; you can redistribute it and/or modify it
+  under the terms of the GNU General Public License version 2 as published
+  by the Free Software Foundation.
+
+  The full text of the license is available at
+  https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
+
+--------------------------------------------------------------------------------
+
+Component: erofs-utils (mkfs.erofs)
+License: GPL-2.0+
+Source: https://github.com/erofs/erofs-utils
+SPDX-License-Identifier: GPL-2.0-or-later
+
+  Copyright (C) erofs-utils contributors.
+
+  This program is free software; you can redistribute it and/or modify it
+  under the terms of the GNU General Public License as published by the
+  Free Software Foundation; either version 2 of the License, or (at your
+  option) any later version.
+
+  The full text of the license is available at
+  https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
+
+--------------------------------------------------------------------------------
+
+Component: e2fsprogs (mkfs.ext4)
+License: GPL-2.0+
+Source: https://github.com/tytso/e2fsprogs
+SPDX-License-Identifier: GPL-2.0-or-later
+
+  Copyright (C) Theodore Ts'o and e2fsprogs contributors.
+
+  This program is free software; you can redistribute it and/or modify it
+  under the terms of the GNU General Public License as published by the
+  Free Software Foundation; either version 2 of the License, or (at your
+  option) any later version.
+
+  The full text of the license is available at
+  https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
+
+--------------------------------------------------------------------------------
+
+Component: crun (bundled in nerdbox-initrd)
+License: GPL-2.0+
+Source: https://github.com/containers/crun
+SPDX-License-Identifier: GPL-2.0-or-later
+
+  Copyright (C) Giuseppe Scrivano and crun contributors.
+
+  This program is free software; you can redistribute it and/or modify it
+  under the terms of the GNU General Public License as published by the
+  Free Software Foundation; either version 2 of the License, or (at your
+  option) any later version.
+
+  The full text of the license is available at
+  https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
+
+--------------------------------------------------------------------------------
+
+Component: containerd-shim-nerdbox-v1
+License: Apache-2.0
+Source: https://github.com/containerd/nerdbox
+SPDX-License-Identifier: Apache-2.0
+
+  Copyright The containerd Authors.
+
+  Licensed under the Apache License, Version 2.0.
+  https://www.apache.org/licenses/LICENSE-2.0
+
+--------------------------------------------------------------------------------
+
+Component: vminitd (bundled in nerdbox-initrd)
+License: Apache-2.0
+Source: https://github.com/containerd/nerdbox
+SPDX-License-Identifier: Apache-2.0
+
+  Copyright The containerd Authors.
+
+  Licensed under the Apache License, Version 2.0.
+  https://www.apache.org/licenses/LICENSE-2.0

pkg/sbx/apparmor/docker-sbx-nerdbox-shim

@@ -0,0 +1,17 @@
+# AppArmor profile for the containerd-shim-nerdbox-v1 binary.
+#
+# On kernels with kernel.apparmor_restrict_unprivileged_userns=1 (default on
+# Ubuntu 23.10+), unconfined processes cannot create user namespaces.  The
+# nerdbox shim needs user namespaces to set up microVMs, so this profile
+# explicitly allows it.
+#
+# Under ABI 3.0, the presence of a loaded profile is sufficient to permit
+# user namespace creation for the associated binary.
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+/usr/libexec/containerd-shim-nerdbox-v1 flags=(unconfined) {
+  include if exists <local/docker-sbx-nerdbox-shim>
+}

pkg/sbx/deb/control

@@ -0,0 +1,17 @@
+Source: docker-sbx
+Section: admin
+Priority: optional
+Maintainer: Docker <support@docker.com>
+Homepage: https://www.docker.com
+Standards-Version: 3.9.6
+Build-Depends: bash,
+               dh-apparmor,
+               debhelper-compat (= 12)
+
+Package: docker-sbx
+Priority: optional
+Architecture: linux-any
+Depends: ca-certificates
+Recommends: apparmor
+Description: Docker sbx
+Homepage: https://docs.docker.com/sandbox/