15308555518/ MaxKB
1
0
Fork 0
mirror of https://github.com/1Panel-dev/MaxKB.git synced 2025-12-30 09:42:48 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

refactor: add env MAXKB_SANDBOX_PYTHON_ALLOW_SYSCALL.

This commit is contained in:
liqiang-fit2cloud 2025-12-29 11:56:49 +08:00
parent 2962f55753
commit dceb05bf5b
2 changed files with 19 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/common/utils/tool_code.py
View File

@ -68,9 +68,10 @@ class ToolExecutor:
sandbox_conf_file_path = f'{sandbox_lib_path}/.sandbox.conf'
if os.path.exists(sandbox_conf_file_path):
os.remove(sandbox_conf_file_path)
allow_subprocess = CONFIG.get("SANDBOX_PYTHON_ALLOW_SUBPROCESS", '0')
banned_hosts = CONFIG.get("SANDBOX_PYTHON_BANNED_HOSTS", '').strip()
allow_dl_paths = CONFIG.get("SANDBOX_PYTHON_ALLOW_DL_PATHS",'').strip()
allow_subprocess = CONFIG.get("SANDBOX_PYTHON_ALLOW_SUBPROCESS", '0')
allow_syscall = CONFIG.get("SANDBOX_PYTHON_ALLOW_SYSCALL", '0')
if banned_hosts:
hostname = socket.gethostname()
local_ip = socket.gethostbyname(hostname)
@ -79,6 +80,7 @@ class ToolExecutor:
f.write(f"SANDBOX_PYTHON_BANNED_HOSTS={banned_hosts}\n")
f.write(f"SANDBOX_PYTHON_ALLOW_DL_PATHS={','.join(sorted(set(filter(None, sys.path + _sandbox_python_sys_path + allow_dl_paths.split(',')))))}\n")
f.write(f"SANDBOX_PYTHON_ALLOW_SUBPROCESS={allow_subprocess}\n")
f.write(f"SANDBOX_PYTHON_ALLOW_SYSCALL={allow_syscall}\n")
os.system(f"chmod -R 550 {_sandbox_path}")
try:

23
installer/sandbox.c
View File

@ -27,12 +27,14 @@
#define CONFIG_FILE ".sandbox.conf"
#define KEY_BANNED_HOSTS "SANDBOX_PYTHON_BANNED_HOSTS"
#define KEY_ALLOW_SUBPROCESS "SANDBOX_PYTHON_ALLOW_SUBPROCESS"
#define KEY_ALLOW_DL_PATHS "SANDBOX_PYTHON_ALLOW_DL_PATHS"
#define KEY_ALLOW_SUBPROCESS "SANDBOX_PYTHON_ALLOW_SUBPROCESS"
#define KEY_ALLOW_SYSCALL "SANDBOX_PYTHON_ALLOW_SYSCALL"
static char *banned_hosts = NULL;
static int allow_subprocess = 0; // 默认禁止
static char *allow_dl_paths = NULL;
static int allow_subprocess = 0; // 默认禁止
static int allow_syscall = 0;
static void load_sandbox_config() {
Dl_info info;
@ -40,6 +42,7 @@ static void load_sandbox_config() {
banned_hosts = strdup("");
allow_dl_paths = strdup("");
allow_subprocess = 0;
allow_syscall = 0;
return;
}
char so_path[PATH_MAX];
@ -53,6 +56,7 @@ static void load_sandbox_config() {
banned_hosts = strdup("");
allow_dl_paths = strdup("");
allow_subprocess = 0;
allow_syscall = 0;
return;
}
char line[512];
@ -61,6 +65,7 @@ static void load_sandbox_config() {
banned_hosts = strdup("");
allow_dl_paths = strdup("");
allow_subprocess = 0;
allow_syscall = 0;
while (fgets(line, sizeof(line), fp)) {
char *key = strtok(line, "=");
char *value = strtok(NULL, "\n");
@ -79,6 +84,8 @@ static void load_sandbox_config() {
allow_dl_paths = strdup(value); // 逗号分隔字符串
} else if (strcmp(key, KEY_ALLOW_SUBPROCESS) == 0) {
allow_subprocess = atoi(value);
} else if (strcmp(key, KEY_ALLOW_SYSCALL) == 0) {
allow_syscall = atoi(value);
}
}
fclose(fp);
@ -427,6 +434,10 @@ pid_t __forkpty(int *amaster, char *name, const struct termios *termp, const str
return forkpty(amaster, name, termp, winp);
}
/* syscall wrapper to intercept syscalls that directly create processes */
static int allow_access_syscall() {
ensure_config_loaded();
return allow_syscall || !is_sandbox_user();
}
long (*real_syscall)(long, ...) = NULL;
long syscall(long number, ...) {
RESOLVE_REAL(syscall);
@ -456,9 +467,6 @@ long syscall(long number, ...) {
#ifdef SYS_posix_spawnp
case SYS_posix_spawnp:
#endif
if (!allow_create_subprocess()) return deny();
}
switch (number) {
case SYS_socket:
case SYS_connect:
case SYS_bind:
@ -496,11 +504,12 @@ long syscall(long number, ...) {
case SYS_shmget:
case SYS_shmctl:
case SYS_prctl:
if (is_sandbox_user()) {
if (!allow_access_syscall()) {
fprintf(stderr, "Permission denied to access syscall %ld.\n", number);
errno = EACCES;
_exit(126);
return -1;
}
}
}
return real_syscall(number, a1, a2, a3, a4, a5, a6);
}