Add privileged parameter to create sandbox, default to false

bchatelard · bchatelard · commit a75998bc65ee · 2025-11-14T15:49:51.000+01:00
diff --git a/docs/sandbox.md b/docs/sandbox.md
@@ -988,7 +988,8 @@ def create(cls,
            api_token: Optional[str] = None,
            timeout: int = 300,
            idle_timeout: Optional[IdleTimeout] = None,
-           enable_tcp_proxy: bool = False) -> Sandbox
+           enable_tcp_proxy: bool = False,
+           privileged: bool = False) -> Sandbox
 ```
 
 Create a new sandbox instance.
@@ -1012,6 +1013,7 @@ Create a new sandbox instance.
   - int > 0: Deep sleep only (e.g., 600 for 600s deep sleep)
   - dict: Explicit configuration with {"light_sleep": 300, "deep_sleep": 600}
 - `enable_tcp_proxy` - If True, enables TCP proxy for direct TCP access to port 3031
+- `privileged` - If True, run the container in privileged mode (default: False)
   
 
 **Returns**:
@@ -1455,7 +1457,8 @@ async def create(cls,
                  api_token: Optional[str] = None,
                  timeout: int = 300,
                  idle_timeout: Optional[IdleTimeout] = None,
-                 enable_tcp_proxy: bool = False) -> AsyncSandbox
+                 enable_tcp_proxy: bool = False,
+                 privileged: bool = False) -> AsyncSandbox
 ```
 
 Create a new sandbox instance with async support.
@@ -1479,6 +1482,7 @@ Create a new sandbox instance with async support.
   - int > 0: Deep sleep only (e.g., 600 for 600s deep sleep)
   - dict: Explicit configuration with {"light_sleep": 300, "deep_sleep": 600}
 - `enable_tcp_proxy` - If True, enables TCP proxy for direct TCP access to port 3031
+- `privileged` - If True, run the container in privileged mode (default: False)
   
 
 **Returns**:
diff --git a/koyeb/sandbox/sandbox.py b/koyeb/sandbox/sandbox.py
@@ -113,6 +113,7 @@ def create(
         timeout: int = 300,
         idle_timeout: Optional[IdleTimeout] = None,
         enable_tcp_proxy: bool = False,
+        privileged: bool = False,
     ) -> Sandbox:
         """
             Create a new sandbox instance.
@@ -135,6 +136,7 @@ def create(
                     - int > 0: Deep sleep only (e.g., 600 for 600s deep sleep)
                     - dict: Explicit configuration with {"light_sleep": 300, "deep_sleep": 600}
                 enable_tcp_proxy: If True, enables TCP proxy for direct TCP access to port 3031
+                privileged: If True, run the container in privileged mode (default: False)
 
         Returns:
                 Sandbox: A new Sandbox instance
@@ -161,6 +163,7 @@ def create(
             timeout=timeout,
             idle_timeout=idle_timeout,
             enable_tcp_proxy=enable_tcp_proxy,
+            privileged=privileged,
         )
 
         if wait_ready:
@@ -187,6 +190,7 @@ def _create_sync(
         timeout: int = 300,
         idle_timeout: Optional[IdleTimeout] = None,
         enable_tcp_proxy: bool = False,
+        privileged: bool = False,
     ) -> Sandbox:
         """
         Synchronous creation method that returns creation parameters.
@@ -215,7 +219,7 @@ def _create_sync(
         app_id = app_response.app.id
 
         env_vars = build_env_vars(env)
-        docker_source = create_docker_source(image, [], privileged=True)
+        docker_source = create_docker_source(image, [], privileged=privileged)
         deployment_definition = create_deployment_definition(
             name=name,
             docker_source=docker_source,
@@ -848,6 +852,7 @@ async def create(
         timeout: int = 300,
         idle_timeout: Optional[IdleTimeout] = None,
         enable_tcp_proxy: bool = False,
+        privileged: bool = False,
     ) -> AsyncSandbox:
         """
             Create a new sandbox instance with async support.
@@ -870,6 +875,7 @@ async def create(
                     - int > 0: Deep sleep only (e.g., 600 for 600s deep sleep)
                     - dict: Explicit configuration with {"light_sleep": 300, "deep_sleep": 600}
                 enable_tcp_proxy: If True, enables TCP proxy for direct TCP access to port 3031
+                privileged: If True, run the container in privileged mode (default: False)
 
         Returns:
                 AsyncSandbox: A new AsyncSandbox instance
@@ -899,6 +905,7 @@ async def create(
                 timeout=timeout,
                 idle_timeout=idle_timeout,
                 enable_tcp_proxy=enable_tcp_proxy,
+                privileged=privileged,
             ),
         )
 
