mirror of
https://github.com/1Panel-dev/MaxKB.git
synced 2025-12-25 17:22:55 +00:00
build: sandbox权限限制,/opt/maxkb/app 目录下的文件只能读取自己的 /opt/maxkb/app/sandbox
parent
fb38f94d61
commit
52e883c65c
@ -61,6 +61,8 @@ RUN chmod 755 /opt/maxkb/app/installer/run-maxkb.sh && \
|
|||
cp -f /opt/maxkb/app/installer/run-maxkb.sh /usr/bin/run-maxkb.sh && \
|
||||
cp -f /opt/maxkb/app/installer/init.sql /docker-entrypoint-initdb.d && \
|
||||
mkdir -p /opt/maxkb/app/sandbox/python-packages && \
|
||||
find /opt/maxkb/app -mindepth 1 -not -name 'sandbox' -exec chmod 700 {} + && \
|
||||
chmod 500 /opt/maxkb/app/sandbox && \
|
||||
useradd --no-create-home --home /opt/maxkb/app/sandbox --shell /bin/bash sandbox && \
|
||||
chown sandbox:sandbox /opt/maxkb/app/sandbox
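Review bot: In the `find` line, `-not -name 'sandbox'` only skips entries whose own name is `sandbox` and does not stop the descent, so `/opt/maxkb/app/sandbox/python-packages` is also set to 700. Because the `chown` on the last line is not recursive, that directory presumably stays root-owned and closed to the sandbox user, while any other file or directory named `sandbox` deeper in the tree keeps its original mode. `chmod 700` also sets the execute bit on every regular file under the app directory. Pruning the path and clearing only the group/other bits avoids both: `find /opt/maxkb/app -mindepth 1 -path /opt/maxkb/app/sandbox -prune -o -exec chmod go-rwx {} +`. The +/- markers are lost on this page, so I am assuming the `find` and `chmod 500` lines are the two additions; the RUN instruction itself starts above the hunk.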
|
||||
|
||||