TNT-Flo/sandbox-web-ide
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

firejail theoretically works

Browse Source
This commit is contained in:
Ishaan Dey
2024-05-24 18:18:00 -07:00
parent 2abc9d4a4c
commit b5425d3469
2 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
backend/server/dockerfile
View File

@ -21,8 +21,10 @@ RUN mkdir projects && chown -R sboxuser:sboxuser projects
# todo user namespace mapping
RUN apt-get install -y firejail
# RUN echo "noblacklist /code/projects\nprivate-bin node\nwhitelist /code/projects\n" > /etc/firejail/sboxuser.profile
RUN echo '#!/bin/bash\nexec firejail --private=/projects --noprofile node dist/index.js' > /start.sh
# RUN echo '#!/bin/bash\nexec firejail --private=/projects --noprofile node dist/index.js' > /start.sh
RUN echo '#!/bin/bash\nexec firejail --private=/code/projects --noprofile --net=none --whitelist=/code/projects node dist/index.js' > /start.sh
RUN chmod +x /start.sh
USER sboxuser