Skip to content

Commit

Permalink
narrow symlink issue workaround still further; add punycode-related t…
Browse files Browse the repository at this point in the history
…weak
  • Loading branch information
paulfitz committed Nov 18, 2024
1 parent a03b4e0 commit bf04b59
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 9 deletions.
7 changes: 7 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -166,6 +166,12 @@ WORKDIR /grist
# settings, you can get sandboxing as follows:
# docker run --env GRIST_SANDBOX_FLAVOR=gvisor -p 8484:8484 -it <image>
#
# "NODE_OPTIONS=--no-deprecation" is set because there is a punycode
# deprecation nag that is relevant to developers but not to users.
# TODO: upgrade package.json to avoid using all package versions
# using the punycode functionality that may be removed in future
# versions of node.
#
ENV \
PYTHON_VERSION_ON_CREATION=3 \
GRIST_ORG_IN_PATH=true \
Expand All @@ -177,6 +183,7 @@ ENV \
GRIST_SESSION_COOKIE=grist_core \
GVISOR_FLAGS="-unprivileged -ignore-cgroups" \
GRIST_SANDBOX_FLAVOR=unsandboxed \
NODE_OPTIONS="--no-deprecation" \
TYPEORM_DATABASE=/persist/home.sqlite3

EXPOSE 8484
Expand Down
17 changes: 8 additions & 9 deletions sandbox/gvisor/run.py
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,7 @@
]

# Helper for preparing a mount.
def preserve(*locations, short_failure=False, skip_symlink=False):
def preserve(*locations, short_failure=False):
for location in locations:
# Check the requested directory is visible on the host, and that there hasn't been a
# muddle. For Grist, this could happen if a parent directory of a temporary import
Expand All @@ -142,12 +142,6 @@ def preserve(*locations, short_failure=False, skip_symlink=False):
raise Exception('cannot find: ' + location)
raise Exception('cannot find: ' + location + ' ' +
'(if tmp path, make sure TMPDIR when running grist and GRIST_TMP line up)')
if os.path.islink(location) and skip_symlink:
# Do not attempt to include symlink directories, they are not supported
# and will cause obscure failures. In Grist's docker image, they show
# up only via pairs like /lib64 and /usr/lib64, where we actually only
# need whichever is "real".
return
mounts.append({
"destination": location,
"source": location,
Expand All @@ -167,8 +161,13 @@ def preserve(*locations, short_failure=False, skip_symlink=False):
preserve("/usr/bin")

preserve("/usr/local/lib")
if os.path.exists('/lib64'):
preserve("/lib64", skip_symlink=True)

# Do not attempt to include symlink directories, they are not supported
# and will cause obscure failures. On debian bookworm /lib64 is a
# symlink and we do not appear to need it, relative to debian buster
# where it is a real directory.
if os.path.exists('/lib64') and not os.path.islink('/lib64'):
preserve("/lib64")
if os.path.exists('/usr/lib64'):
preserve("/usr/lib64")
preserve("/usr/lib")
Expand Down

0 comments on commit bf04b59

Please sign in to comment.