Skip to content

Windows Sandbox backend misreports "not enabled" when  wxc-exec runs non-elevated #560

Description

@brunosonnino

Relevant area(s)

Windows

Brief description of your issue

Running a windows_sandbox config with a non-elevated wxc-exec.exe fails with "Windows Sandbox is not enabled..." even when the feature is enabled. If you run wxc-exec.exe in an elevated prompt it runs fine. There is no elevation requirement in the documentation.

Steps to reproduce

  1. On a host where Windows Sandbox is enabled and dism ... /get-featureinfo shows State : Enabled when run from an elevated prompt.
  2. From a non-elevated terminal, run a windows_sandbox config: wxc-exec.exe --experimental windows_sandbox_echo.json (config: { "containment": "windows_sandbox", "process": { "commandLine": "cmd /c echo hi" } })
  3. Observe the error.

This error doesn't occur if you run in an elevated prompt

Expected behavior

wxc-exec.exe running non-elevated should correctly detect that Windows Sandbox is enabled and proceed (or, if disabled, say so). Feature-state detection should not require elevation. If elevation is required, it should be documented and the error message should show that.

Actual behavior

Non-elevated wxc-exec.exe reports:
Windows Sandbox is not enabled. Run 'dism /online /enable-feature /featurename:Containers-DisposableClientVM /all' and reboot.
even though the feature is enabled.

Metadata

Metadata

Assignees

No one assigned

    Type

    Fields

    No fields configured for Bug.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions