firejail theoretically works

Ishaan Dey 2024-05-24 18:18:00 -07:00
parent 2abc9d4a4c
commit b5425d3469
2 changed files with 6 additions and 4 deletions


@ -21,8 +21,10 @@ RUN mkdir projects && chown -R sboxuser:sboxuser projects
# todo user namespace mapping # todo user namespace mapping
RUN apt-get install -y firejail RUN apt-get install -y firejail
# RUN echo "noblacklist /code/projects\nprivate-bin node\nwhitelist /code/projects\n" > /etc/firejail/sboxuser.profile
RUN echo '#!/bin/bash\nexec firejail --private=/projects --noprofile node dist/index.js' > /start.sh # RUN echo '#!/bin/bash\nexec firejail --private=/projects --noprofile node dist/index.js' > /start.sh
RUN echo '#!/bin/bash\nexec firejail --private=/code/projects --noprofile --net=none --whitelist=/code/projects node dist/index.js' > /start.sh
RUN chmod +x /start.sh RUN chmod +x /start.sh
USER sboxuser USER sboxuser


@ -116,9 +116,9 @@ io.on("connection", async (socket) => {
} }
} }
console.log("describing service:"); // console.log("describing service:");
const describeService = await testDescribe(); // const describeService = await testDescribe();
console.log(describeService); // console.log(describeService);
const sandboxFiles = await getSandboxFiles(data.sandboxId); const sandboxFiles = await getSandboxFiles(data.sandboxId);
sandboxFiles.fileData.forEach((file) => { sandboxFiles.fileData.forEach((file) => {