mirror of
https://github.com/gristlabs/grist-core.git
synced 2024-10-27 20:44:07 +00:00
back off from making gvisor sandboxing default in docker image (#178)
It looks like making gvisor sandboxing the default in our docker image is causing people trouble, so this backs off from that change. We retain gvisor's runsc executable in the image so that turning on sandboxing is just an environment variable setting away. Lack of sandboxing is not good for users opening untrusted documents, so it would be good to be aggressive about turning it on, or communicating about it, so there's follow-up work needed. In the meantime I've updated the documentation about it somewhat. See https://github.com/gristlabs/grist-core/issues/177
This commit is contained in:
parent
22807fce8e
commit
a14eb92656
10
Dockerfile
10
Dockerfile
@ -94,6 +94,14 @@ ADD plugins plugins
|
|||||||
# started as:
|
# started as:
|
||||||
# docker run -p 8484:8484 -it <image>
|
# docker run -p 8484:8484 -it <image>
|
||||||
# Variables will need to be overridden for other setups.
|
# Variables will need to be overridden for other setups.
|
||||||
|
#
|
||||||
|
# GRIST_SANDBOX_FLAVOR is set to unsandboxed by default, because it
|
||||||
|
# appears that the services people use to run docker containers have
|
||||||
|
# a wide variety of security settings and the functionality needed for
|
||||||
|
# sandboxing may not be possible in every case. For default docker
|
||||||
|
# settings, you can get sandboxing as follows:
|
||||||
|
# docker run --env GRIST_SANDBOX_FLAVOR=gvisor -p 8484:8484 -it <image>
|
||||||
|
#
|
||||||
ENV \
|
ENV \
|
||||||
PYTHON_VERSION_ON_CREATION=3 \
|
PYTHON_VERSION_ON_CREATION=3 \
|
||||||
GRIST_ORG_IN_PATH=true \
|
GRIST_ORG_IN_PATH=true \
|
||||||
@ -104,7 +112,7 @@ ENV \
|
|||||||
GRIST_INST_DIR=/persist \
|
GRIST_INST_DIR=/persist \
|
||||||
GRIST_SESSION_COOKIE=grist_core \
|
GRIST_SESSION_COOKIE=grist_core \
|
||||||
GVISOR_FLAGS="-unprivileged -ignore-cgroups" \
|
GVISOR_FLAGS="-unprivileged -ignore-cgroups" \
|
||||||
GRIST_SANDBOX_FLAVOR=gvisor \
|
GRIST_SANDBOX_FLAVOR=unsandboxed \
|
||||||
TYPEORM_DATABASE=/persist/home.sqlite3
|
TYPEORM_DATABASE=/persist/home.sqlite3
|
||||||
|
|
||||||
EXPOSE 8484
|
EXPOSE 8484
|
||||||
|
24
README.md
24
README.md
@ -50,6 +50,11 @@ Here are some specific feature highlights of Grist:
|
|||||||
- Control access based on cell values and user attributes.
|
- Control access based on cell values and user attributes.
|
||||||
* Can be self-maintained.
|
* Can be self-maintained.
|
||||||
- Useful for intranet operation and specific compliance requirements.
|
- Useful for intranet operation and specific compliance requirements.
|
||||||
|
* Sandboxing options for untrusted documents.
|
||||||
|
- On Linux or with docker, you can enable
|
||||||
|
[gVisor](https://github.com/google/gvisor) sandboxing at the individual
|
||||||
|
document level.
|
||||||
|
- On OSX, you can use native sandboxing.
|
||||||
|
|
||||||
If you are curious about where Grist is going heading,
|
If you are curious about where Grist is going heading,
|
||||||
see [our roadmap](https://github.com/gristlabs/grist-core/projects/1), drop a
|
see [our roadmap](https://github.com/gristlabs/grist-core/projects/1), drop a
|
||||||
@ -62,7 +67,7 @@ There are docker images set up for individual use, or (with some
|
|||||||
configuration) for self-hosting. Grist Labs offers a hosted service
|
configuration) for self-hosting. Grist Labs offers a hosted service
|
||||||
at [docs.getgrist.com](https://docs.getgrist.com).
|
at [docs.getgrist.com](https://docs.getgrist.com).
|
||||||
|
|
||||||
To run Grist running on your computer with [Docker](https://www.docker.com/get-started), do:
|
To get Grist running on your computer with [Docker](https://www.docker.com/get-started), do:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
docker pull gristlabs/grist
|
docker pull gristlabs/grist
|
||||||
@ -88,6 +93,10 @@ port mapping:
|
|||||||
docker run --env PORT=9999 -p 9999:9999 -v $PWD/persist:/persist -it gristlabs/grist
|
docker run --env PORT=9999 -p 9999:9999 -v $PWD/persist:/persist -it gristlabs/grist
|
||||||
```
|
```
|
||||||
|
|
||||||
|
To enable gVisor sandboxing, set `--env GRIST_SANDBOX_FLAVOR=gvisor`.
|
||||||
|
This should work with default docker settings, but may not work in all
|
||||||
|
environments.
|
||||||
|
|
||||||
## Building from source
|
## Building from source
|
||||||
|
|
||||||
To build Grist from source, follow these steps:
|
To build Grist from source, follow these steps:
|
||||||
@ -98,6 +107,19 @@ To build Grist from source, follow these steps:
|
|||||||
yarn start
|
yarn start
|
||||||
# Grist will be available at http://localhost:8484/
|
# Grist will be available at http://localhost:8484/
|
||||||
|
|
||||||
|
Grist formulas in documents will be run using Python executed directly on your
|
||||||
|
machine. You can configure sandboxing using a `GRIST_SANDBOX_FLAVOR`
|
||||||
|
environment variable.
|
||||||
|
|
||||||
|
* On OSX, `export GRIST_SANDBOX_FLAVOR=macSandboxExec`
|
||||||
|
uses the native `sandbox-exec` command for sandboxing.
|
||||||
|
* On Linux with [gVisor's runsc](https://github.com/google/gvisor)
|
||||||
|
installed, `export GRIST_SANDBOX_FLAVOR=gvisor` is an option.
|
||||||
|
|
||||||
|
These sandboxing methods have been written for our own use at Grist Labs and
|
||||||
|
may need tweaking to work in your own environment - pull requests
|
||||||
|
very welcome here!
|
||||||
|
|
||||||
## Logins
|
## Logins
|
||||||
|
|
||||||
Like git, Grist has features to track document revision history. So for full operation,
|
Like git, Grist has features to track document revision history. So for full operation,
|
||||||
|
Loading…
Reference in New Issue
Block a user