feat: update Dockerfile to adjust permissions for Python binaries and restrict access to certain files

--bug=1057357 --user=刘瑞斌【工具】工具执行沙箱的权限没有做限制 https://www.tapd.cn/62980211/s/1717636
2025-12-28 23:32:48 +00:00 · 2025-06-24 16:21:10 +08:00 · 2025-06-24 16:21:10 +08:00 · 77295d2c13
parent 359f9c546d
commit 77295d2c13
1 changed files with 2 additions and 1 deletions
--- a/installer/Dockerfile
+++ b/installer/Dockerfile
@ -77,7 +77,8 @@ RUN chmod 755 /opt/maxkb-app/installer/*.sh && \
    useradd --no-create-home --home /opt/maxkb-app/sandbox sandbox -g root && \
    chown -R sandbox:root /opt/maxkb-app/sandbox && \
    chmod g-x /usr/local/bin/* /usr/bin/* /bin/* /usr/sbin/* /sbin/* /usr/lib/postgresql/17/bin/* && \
-    chmod g+x /usr/local/bin/python*
+    chmod g+x /usr/local/bin/python* && \
+    find /etc/ -type f ! -path '/etc/resolv.conf' ! -path '/etc/hosts' | xargs chmod g-rx

 EXPOSE 8080
 VOLUME /opt/maxkb