refactor: change dir permissions.

apps/common/utils/tool_code.py

@@ -38,6 +38,7 @@ class ToolExecutor:
             return
         if self.sandbox:
             os.chmod("/dev/shm", 0o707)
+            os.chmod("/dev/mqueue", 0o707)
         if CONFIG.get("SANDBOX_TMP_DIR_ENABLED", '0') == "1":
             tmp_dir_path = os.path.join(self.sandbox_path, 'tmp')
             os.makedirs(tmp_dir_path, 0o700, exist_ok=True)

installer/Dockerfile-base

@@ -30,9 +30,9 @@ RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
     chmod g-xr /usr/local/bin/* /usr/bin/* /bin/* /usr/sbin/* /sbin/* /usr/lib/postgresql/17/bin/* && \
     chmod g+xr /usr/bin/ld.so && \
     chmod g+x /usr/local/bin/python* && \
-    chmod -R g-rwx /tmp /var/tmp /dev/mqueue /var/lock /var/lib/postgresql && \
+    chmod -R g-rwx /tmp /var/tmp /var/lock && \
     apt-get clean all && \
-    rm -rf /var/lib/apt/lists/* /usr/share/doc/* /usr/share/man/* /usr/share/info/* /usr/share/locale/* /usr/share/lintian/* /usr/share/linda/* /var/cache/* /var/log/* /var/tmp/* /tmp/*
+    rm -rf /var/lib/postgresql /var/lib/apt/lists/* /usr/share/doc/* /usr/share/man/* /usr/share/info/* /usr/share/locale/* /usr/share/lintian/* /usr/share/linda/* /var/cache/* /var/log/* /var/tmp/* /tmp/*
 COPY --from=vector-model --chmod=700 /opt/maxkb-app/model /opt/maxkb-app/model
 
 ENV PATH=/opt/py3/bin:$PATH \