improve docs

Author: aaronsteers

devlog/2025-03-sandboxing.md

@@ -71,14 +71,22 @@ Both Docker images were built and tested locally with the `spec` command to veri
 ### Firejail Test Results
 
 ```bash
-docker run --rm airbyte/source-declarative-manifest-firejail spec
+$ cd docker/sandbox-poc
+...
+$ docker build -f Dockerfile.firejail -t airbyte/source-declarative-manifest-firejail .
+...
+$ docker run --rm airbyte/source-declarative-manifest-firejail spec
 {"type":"SPEC","spec":{"connectionSpecification":{"$schema":"http://json-schema.org/draft-07/schema#","title":"Low-code source spec","type":"object","required":["__injected_declarative_manifest"],"additionalProperties":true,"properties":{"__injected_declarative_manifest":{"title":"Low-code manifest","type":"object","description":"The low-code manifest that defines the components of the source."}}},"documentationUrl":"https://docs.airbyte.com/integrations/sources/low-code","supportsNormalization":false,"supportsDBT":false}}
 ```
 
 ### gVisor Test Results
 
 ```bash
-docker run --rm airbyte/source-declarative-manifest-gvisor spec
+$ cd docker/sandbox-poc
+...
+$ docker build -f Dockerfile.gvisor -t airbyte/source-declarative-manifest-gvisor .
+...
+$ docker run --rm airbyte/source-declarative-manifest-gvisor spec
 running container: creating container: creating container root directory "/var/run/runsc": mkdir /var/run/runsc: permission denied
 {"type":"SPEC","spec":{"connectionSpecification":{"$schema":"http://json-schema.org/draft-07/schema#","title":"Low-code source spec","type":"object","required":["__injected_declarative_manifest"],"additionalProperties":true,"properties":{"__injected_declarative_manifest":{"title":"Low-code manifest","type":"object","description":"The low-code manifest that defines the components of the source."}}},"documentationUrl":"https://docs.airbyte.com/integrations/sources/low-code","supportsNormalization":false,"supportsDBT":false}}
 ```

docker/sandbox-poc/README.md

@@ -7,19 +7,35 @@ This directory contains Dockerfiles for proof-of-concept (POC) implementations o
 The `Dockerfile.firejail` adds [Firejail](https://firejail.wordpress.com/) to the source-declarative-manifest image. Firejail is a SUID sandbox program that restricts the running environment of untrusted applications using Linux namespaces and seccomp-bpf.
 
 To build the image:
-```
+
+```bash
+cd docker/sandbox-poc
 docker build -f Dockerfile.firejail -t airbyte/source-declarative-manifest-firejail .
 ```
 
+To test the image:
+
+```bash
+docker run --rm airbyte/source-declarative-manifest-firejail spec
+```
+
 ## gVisor
 
 The `Dockerfile.gvisor` adds [gVisor](https://gvisor.dev/) (via runsc) to the source-declarative-manifest image. gVisor is a user-space kernel, written in Go, that implements a substantial portion of the Linux system call interface. It provides an additional layer of isolation between running applications and the host operating system.
 
 To build the image:
-```
+
+```bash
+cd docker/sandbox-poc
 docker build -f Dockerfile.gvisor -t airbyte/source-declarative-manifest-gvisor .
 ```
 
+To test the image:
+
+```bash
+docker run --rm airbyte/source-declarative-manifest-gvisor spec
+```
+
 ## Usage
 
 Both images wrap the original entry point of the source-declarative-manifest connector with their respective sandboxing solution. The wrapped entry point handles all the same command-line arguments as the original entry point.