Does sandboxing work with GUI applications?

Generally, no. Sandboxing is optimized for CLI operations, and GUI applications often require system resources that are restricted by standard sandbox profiles.

How do I enable the sandbox via the command line?

You can enable it by adding the -s flag to your command, such as 'gemini -s -p "command"', or by exporting the GEMINI_SANDBOX=true environment variable.

Can I restrict network access specifically on macOS?

Yes, by setting the SEATBELT_PROFILE environment variable to 'restrictive-closed' or 'permissive-closed', you can effectively block network traffic from the sandboxed process.

What sandbox methods does this skill support?

It supports Docker (full container), Podman (rootless container), and macOS Seatbelt (process-level sandbox) for various levels of system isolation.

What should I do if I get an 'Operation not permitted' error?

This is often the intended behavior of a sandbox. This skill helps you determine if you need a more permissive profile or if the operation should be handled outside the sandbox.

Gemini Sandbox Configurator

Name: Gemini Sandbox Configurator
Author: melodic-software

bymelodic-software

•

보안 및 테스팅

Configures and troubleshoots secure sandbox environments for Gemini CLI using Docker, Podman, and macOS Seatbelt isolation.

소개

The Gemini Sandbox Configurator acts as a specialized guide for isolating Gemini CLI operations from the host system, ensuring secure execution environments. It facilitates the selection and configuration of various sandboxing methods—including full Docker containers, rootless Podman instances, and macOS Seatbelt profiles—while providing precise troubleshooting for permission issues and network restrictions. By delegating to official documentation, it ensures users implement the most current security boundaries and isolation patterns for their specific operating systems.

주요 기능

Multi-platform isolation support including Docker, Podman, and macOS Seatbelt
1 GitHub stars
Environment-based sandbox management via command flags or settings.json
Granular macOS Seatbelt profile configuration for restrictive write and network access
Comprehensive troubleshooting for 'Operation not permitted' and container errors
Seamless delegation to official Gemini CLI documentation for up-to-date security patterns

사용 사례

Configuring restricted network access via specialized macOS Seatbelt profiles
Enabling secure, isolated command execution for untrusted scripts and code
Debugging container-based sandboxing issues in local development or CI/CD pipelines

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add melodic-software/claude-code-plugins gemini-sandbox-configuration

For use in Claude.ai and ChatGPT

Download Skill

GitHub

소개