Local sandbox mode doesn't work on Linux

[magodo]

Describe the bug

https://github.blog/changelog/2026-06-02-cloud-and-local-sandboxes-for-github-copilot-now-in-public-preview/

Inside any Copilot session, enable sandboxing with /sandbox enable. Shell command execution initiated by Copilot for that session runs with restricted access to your filesystem, network, and system capabilities, so you can experiment with agentic workflows while staying in control of what Copilot can touch on your machine. Local sandboxing is built on Microsoft MXC technology for a consistent isolation experience across macOS, Linux, and Windows. Enterprise teams can also centrally configure and enforce local sandbox policies through Microsoft Intune and other MDM platforms. Local sandboxes are included in the standard GitHub Copilot seat.

While per my experiment on Linux, it doesn't work at all.

I start copilot from /tmp, then /sandbox enable. I simply prepare a shell script, which contains one line to cat a file under my home directory：

  ╭─╮╭─╮
  ╰─╯╰─╯  Copilot v1.0.59 uses AI.
  █ ▘▝ █  Check for mistakes.
   ▔▔▔▔

● No copilot-instructions.md found. Run /init to generate.

● Tip: /allow-all
  └ Enable all permissions (tools, paths, and URLs)

● Sandboxing has been enabled.

❯ Run /tmp/a.sh

● Run /tmp/a.sh (sandboxed shell)
  │ bash /tmp/a.sh
  └ 2 lines...

◐ Let me run the script.

● Script ran successfully, outputting hello.

❯ cat /tmp/a.sh
#!/bin/bash
cat ~/hello.txt

What I expect is the script run shall fail as the child process should inherit the sandbox access, which doesn't include the user's home directory.

Affected version

No response

Steps to reproduce the behavior

No response

Expected behavior

No response

Additional context

No response