(core) lock down modification of the _grist_Attachments table

Summary: Rows in the _grist_Attachments table have a special lifecycle, being created by a special method, and deleted via a special process. All other modifications are now rejected, for simplicity. Test Plan: added test Reviewers: dsagal, jarek Reviewed By: dsagal, jarek Differential Revision: https://phab.getgrist.com/D3712
2026-03-02 04:09:24 +00:00 · 2022-11-22 09:15:18 -05:00
parent 94a7b750a8
commit 312d2331a8
4 changed files with 27 additions and 4 deletions
--- a/sandbox/gvisor/run.py
+++ b/sandbox/gvisor/run.py
@@ -81,8 +81,13 @@ settings = {
  "ociVersion": "1.0.0",
  "process": {
    "terminal": include_bash,
+    # Match current user id, for convenience with mounts. For some versions of
+    # gvisor, default behavior may be better - if you see "access denied" problems
+    # during imports, try commenting this section out. We could make imports work
+    # for any version of gvisor by setting mode when using tmp.dir to allow
+    # others to list directory contents.
    "user": {
-      "uid": os.getuid(),  # match current user id, for convenience with mounts
+      "uid": os.getuid(),
      "gid": 0
    },
    "args": cmd_args,