zhuchaowe/maxkb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

build: sandbox权限限制禁止向/tmp写入

Browse Source
This commit is contained in:
CaptainB 2024-09-26 16:17:19 +08:00 committed by 刘瑞斌
parent 677ce46b49
commit 2653c75f21
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
installer/Dockerfile
View File

@ -62,7 +62,7 @@ RUN chmod 755 /opt/maxkb/app/installer/run-maxkb.sh && \
cp -f /opt/maxkb/app/installer/init.sql /docker-entrypoint-initdb.d && \ cp -f /opt/maxkb/app/installer/init.sql /docker-entrypoint-initdb.d && \
mkdir -p /opt/maxkb/app/sandbox/python-packages && \ mkdir -p /opt/maxkb/app/sandbox/python-packages && \
find /opt/maxkb/app -mindepth 1 -not -name 'sandbox' -exec chmod 700 {} + && \ find /opt/maxkb/app -mindepth 1 -not -name 'sandbox' -exec chmod 700 {} + && \
chmod 500 /opt/maxkb/app/sandbox && \ chmod 755 /tmp && \
useradd --no-create-home --home /opt/maxkb/app/sandbox --shell /bin/bash sandbox && \ useradd --no-create-home --home /opt/maxkb/app/sandbox --shell /bin/bash sandbox && \
chown sandbox:sandbox /opt/maxkb/app/sandbox chown sandbox:sandbox /opt/maxkb/app/sandbox