Isolated machines
Isolated machines run without OrbStack's macOS integration, for a more sandboxed Linux environment.
Use cases
In an age of supply chain attacks, running untrusted code with full access to your Mac is risky. A single malicious dependency or postinstall script can read your files, SSH keys, and environment variables. Isolated machines keep that code away from your Mac:
- AI agents that run shell commands on their own
- Untrusted dependencies and build scripts from npm, PyPI, and similar
- Code review of unfamiliar projects before you trust them
- Experiments you'd rather not have touch your home directory
What's different
Compared to a normal machine, an isolated machine:
- Doesn't mount your Mac's file system (no /mnt/mac)
- Can't reach the macOS host over the network or run `mac` commands
- Doesn't forward your SSH agent by default
- Doesn't get USB, serial, or sound device passthrough
You still get internet access, .orb.local domains, and SSH and orb access from your Mac, and the machine appears in the app like any other.
Security model
Isolated machines reduce risk by cutting off access to your files, host, and integrations, but they aren't a full security boundary. All machines and containers run in OrbStack's single Linux VM and share one kernel, so isolation relies on the Linux kernel's security model, with some extra hardening on top. This is generally fine for everyday untrusted code, such as third-party dependencies or AI agents that aren't trying to break out.
DANGER
Isolated machines aren't recommended for analyzing malware or running code that will actively try to exploit the kernel and escape the sandbox. For that, use a full virtual machine with its own kernel.
Creating an isolated machine
Add --isolated when creating a machine:
orb create --isolated ubuntu my-sandbox
In the app, turn on Isolate machine when creating a machine.
File sharing
Isolated machines don't share any of your Mac's files by default. You can selectively share specific folders with --mount SOURCE[:DEST], which can be repeated:
# Share ~/project (same path inside the machine)
orb create --isolated --mount ~/project ubuntu my-sandbox
# Share to a different path
orb create --isolated --mount ~/project:/work ubuntu my-sandbox
Network isolation
By default, an isolated machine can still reach other OrbStack machines and the internet, but not the macOS host directly. To also block other machines and host IPs while keeping internet access, add --isolate-network:
orb create --isolated --isolate-network ubuntu my-sandbox
SSH agent forwarding
SSH agent forwarding is off by default in isolated machines. Turn it on with --forward-ssh-agent:
orb create --isolated --forward-ssh-agent ubuntu my-sandbox
Changing settings later
You can change these settings on an existing machine with orb config set, or in the machine's settings in the app. A restart is needed if the machine is running.
orb config set machine.my-sandbox.isolated true
orb config set machine.my-sandbox.isolate_network true
orb config set machine.my-sandbox.forward_ssh_agent true
orb config set machine.my-sandbox.mounts '~/project:/work'
Multiple mounts are comma-separated: ~/a,~/b:/work.
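The file-sharing, network-isolation and config-set commands above lend themselves to a small wrapper. The following is an added example, not OrbStack's own tooling: it builds the orb create and orb config set lines for an isolated machine from a list of SOURCE[:DEST] mount specs and refuses mounts that would hand the sandbox your whole home directory or your SSH keys, which would undo most of the benefit. The function names and the guard policy are this example's own assumptions; only the CLI syntax comes from the page.

```shell
# mount_is_safe SPEC: 0 if SPEC may be shared into an isolated machine.
# Constructed policy: reject the whole Mac, the whole home dir and ~/.ssh.
mount_is_safe() {
  src="${1%%:*}"                                 # drop the optional :DEST part
  case "$src" in
    ""|"/"|"~"|"~/"|"$HOME"|"$HOME/") return 1 ;;           # whole Mac or home
    "~/.ssh"|"~/.ssh/"*|"$HOME/.ssh"|"$HOME/.ssh/"*) return 1 ;;  # SSH keys
    /*|"~/"*) return 0 ;;                        # absolute or ~-relative path
    *) return 1 ;;                               # relative paths are ambiguous
  esac
}

# mounts_value SPEC...: print the comma-separated value for machine.NAME.mounts
# (e.g. "~/a,~/b:/work"); fail without output if any spec is rejected.
mounts_value() {
  out=""
  for spec in "$@"; do
    case "$spec" in *,*) return 1 ;; esac      # a comma would split the value
    mount_is_safe "$spec" || return 1
    out="${out:+$out,}$spec"
  done
  printf '%s\n' "$out"
}

# sandbox_create_cmd DISTRO NAME NET SPEC...: print the `orb create` line.
# NET=1 adds --isolate-network. The SSH agent is deliberately never forwarded.
sandbox_create_cmd() {
  distro="$1"; name="$2"; net="$3"; shift 3
  cmd="orb create --isolated"
  if [ "$net" = 1 ]; then cmd="$cmd --isolate-network"; fi
  for spec in "$@"; do
    mount_is_safe "$spec" || return 1
    cmd="$cmd --mount $spec"
  done
  printf '%s\n' "$cmd $distro $name"
}

# sandbox_config_cmds NAME NET SPEC...: print the `orb config set` lines that
# apply the same settings to an existing machine (restart it afterwards).
sandbox_config_cmds() {
  name="$1"; net="$2"; shift 2
  value=$(mounts_value "$@") || return 1
  printf 'orb config set machine.%s.isolated true\n' "$name"
  if [ "$net" = 1 ]; then printf 'orb config set machine.%s.isolate_network true\n' "$name"; fi
  printf 'orb config set machine.%s.forward_ssh_agent false\n' "$name"
  if [ -n "$value" ]; then printf "orb config set machine.%s.mounts '%s'\n" "$name" "$value"; fi
}
```

Pipe the printed lines into sh once you have reviewed them; the functions only print, so a rejected mount aborts before anything is created or changed.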
