CARINA Sandbox provides fast, disposable execution environments that allow engineers, scientists, and developers to test code safely, run experiments without polluting the host OS, and validate scripts, configs, and workflows quickly.
This is controlled isolation using containers, designed to feel like a mission tool, not a dev toy.
carina sandbox templates
carina sandbox up <template> [--ttl 10m] [--name <name>]
Options:
--ttl <duration> — Time to live (default: 10m). Formats: 10m, 1h, 300s--name <name> — Custom name (auto-generated if omitted)Example:
carina sandbox up python --ttl 30m --name my-experiment
carina sandbox list
carina sandbox exec <name|id> <command>
carina sandbox exec my-experiment python --version
carina sandbox exec my-experiment bash
carina sandbox down <name|id>
carina sandbox cleanup
| Template | Base | Includes | Use For |
|---|---|---|---|
| ubuntu | Ubuntu | bash, coreutils, curl, ca-certificates | Shell scripts, config testing |
| python | Python 3.12 | Python 3.12, pip | Data science, AI/ML, scripting |
| node | Node.js LTS | Node.js, npm | Tooling, UI experiments, builds |
All sandboxes enforce:
--cap-drop ALL)--security-opt no-new-privileges:true)/dev or host network interfacesSandbox state is tracked in /var/lib/carina/sandboxes.json using UTC epoch timestamps. When TTL expires, carina sandbox cleanup removes the sandbox.
All actions are logged to /var/log/carina/sandbox.log:
[2026-02-05 10:30:00] [ubuntu] START: id=python-abc123 template=python ttl=600s
[2026-02-05 10:35:00] [ubuntu] EXEC: id=python-abc123 cmd=python --version
[2026-02-05 10:40:00] [ubuntu] CLEANUP: id=python-abc123 reason=expired
Sandbox fails to start:
which podmancarina group: groupspodman imagesCannot execute commands:
carina sandbox listRelated: CARINA Control, Mission Manual