refactor: ban host.docker.internal access by default.

2025-12-26 01:33:05 +00:00 · 2025-11-07 11:02:17 +08:00 · 2025-11-07 11:02:17 +08:00 · e30cf91528
parent e0f9adacb4
commit e30cf91528
1 changed files with 1 additions and 1 deletions
--- a/installer/Dockerfile-base
+++ b/installer/Dockerfile-base
@ -47,7 +47,7 @@ ENV PATH=/opt/py3/bin:$PATH \
    MAXKB_SANDBOX=1 \
    MAXKB_SANDBOX_PYTHON_PACKAGE_PATHS="/opt/py3/lib/python3.11/site-packages,/opt/maxkb-app/sandbox/python-packages,/opt/maxkb/python-packages" \
    MAXKB_SANDBOX_PYTHON_BANNED_KEYWORDS="subprocess.,system(,exec(,execve(,pty.,eval(,compile(,shutil.,input(,__import__" \
-    MAXKB_SANDBOX_PYTHON_BANNED_HOSTS="127.0.0.1,localhost,maxkb,pgsql,redis" \
+    MAXKB_SANDBOX_PYTHON_BANNED_HOSTS="127.0.0.1,localhost,host.docker.internal,maxkb,pgsql,redis" \
    MAXKB_ADMIN_PATH=/admin

 EXPOSE 6379