diff --git a/Dockerfile b/Dockerfile index dbe18aae..cf479c83 100644 --- a/Dockerfile +++ b/Dockerfile @@ -94,6 +94,14 @@ ADD plugins plugins # started as: # docker run -p 8484:8484 -it # Variables will need to be overridden for other setups. +# +# GRIST_SANDBOX_FLAVOR is set to unsandboxed by default, because it +# appears that the services people use to run docker containers have +# a wide variety of security settings and the functionality needed for +# sandboxing may not be possible in every case. For default docker +# settings, you can get sandboxing as follows: +# docker run --env GRIST_SANDBOX_FLAVOR=gvisor -p 8484:8484 -it +# ENV \ PYTHON_VERSION_ON_CREATION=3 \ GRIST_ORG_IN_PATH=true \ @@ -104,7 +112,7 @@ ENV \ GRIST_INST_DIR=/persist \ GRIST_SESSION_COOKIE=grist_core \ GVISOR_FLAGS="-unprivileged -ignore-cgroups" \ - GRIST_SANDBOX_FLAVOR=gvisor \ + GRIST_SANDBOX_FLAVOR=unsandboxed \ TYPEORM_DATABASE=/persist/home.sqlite3 EXPOSE 8484 diff --git a/README.md b/README.md index 27e711e8..fd7735f2 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,11 @@ Here are some specific feature highlights of Grist: - Control access based on cell values and user attributes. * Can be self-maintained. - Useful for intranet operation and specific compliance requirements. + * Sandboxing options for untrusted documents. + - On Linux or with docker, you can enable + [gVisor](https://github.com/google/gvisor) sandboxing at the individual + document level. + - On OSX, you can use native sandboxing. If you are curious about where Grist is going heading, see [our roadmap](https://github.com/gristlabs/grist-core/projects/1), drop a 
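Review bot: The comment added above `ENV` in the first Dockerfile hunk explains why the default is unsandboxed but never says what an operator gives up by accepting it. The README text in this same commit describes unsandboxed formulas as "Python executed directly on your machine", so in the image this presumably means document formulas run as ordinary Python inside the container. I would add a line such as `# With unsandboxed, document formulas run as plain Python inside the container; set GRIST_SANDBOX_FLAVOR=gvisor before opening documents you do not trust.` The README paragraph added after the `docker run --env PORT=9999` example has the same gap: it says how to enable gVisor but not that the image now ships with sandboxing off.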
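Review bot: Changing `GRIST_SANDBOX_FLAVOR=gvisor` to `GRIST_SANDBOX_FLAVOR=unsandboxed` in the second Dockerfile hunk means deployments that relied on the image default lose formula sandboxing on their next pull, with no configuration change on their side. The only visible signal is the patch-level bump from 0.7.7 to 0.7.8. Anyone hosting documents from other users should pin `--env GRIST_SANDBOX_FLAVOR=gvisor` explicitly, and the release notes should call out the change as a security-relevant default. The startup code is not visible in this diff, but it would help if the server logged a clear warning whenever it starts with the unsandboxed flavor. `GVISOR_FLAGS="-unprivileged -ignore-cgroups"` stays in the `ENV` block, so opting back in needs only the one variable.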
@@ -62,7 +67,7 @@ There are docker images set up for individual use, or (with some configuration) for self-hosting. Grist Labs offers a hosted service at [docs.getgrist.com](https://docs.getgrist.com). -To run Grist running on your computer with [Docker](https://www.docker.com/get-started), do: +To get Grist running on your computer with [Docker](https://www.docker.com/get-started), do: ```sh docker pull gristlabs/grist @@ -88,6 +93,10 @@ port mapping: docker run --env PORT=9999 -p 9999:9999 -v $PWD/persist:/persist -it gristlabs/grist ``` +To enable gVisor sandboxing, set `--env GRIST_SANDBOX_FLAVOR=gvisor`. +This should work with default docker settings, but may not work in all +environments. + ## Building from source To build Grist from source, follow these steps: @@ -98,6 +107,19 @@ To build Grist from source, follow these steps: yarn start # Grist will be available at http://localhost:8484/ +Grist formulas in documents will be run using Python executed directly on your +machine. You can configure sandboxing using a `GRIST_SANDBOX_FLAVOR` +environment variable. + + * On OSX, `export GRIST_SANDBOX_FLAVOR=macSandboxExec` + uses the native `sandbox-exec` command for sandboxing. + * On Linux with [gVisor's runsc](https://github.com/google/gvisor) + installed, `export GRIST_SANDBOX_FLAVOR=gvisor` is an option. + +These sandboxing methods have been written for our own use at Grist Labs and +may need tweaking to work in your own environment - pull requests +very welcome here! + ## Logins Like git, Grist has features to track document revision history. So for full operation, diff --git a/package.json b/package.json index dc7b92c1..5a3bbaf1 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "grist-core", - "version": "0.7.7", + "version": "0.7.8", "license": "Apache-2.0", "description": "Grist is the evolution of spreadsheets", "homepage": "https://github.com/gristlabs/grist-core",