mirror of
https://github.com/gristlabs/grist-core.git
synced 2025-06-13 20:53:59 +00:00
134ae99e9a
Summary: This adds support for gvisor sandboxing in core. When Grist is run outside of a container, regular gvisor can be used (if on linux), and will run in rootless mode. When Grist is run inside a container, docker's default policy is insufficient for running gvisor, so a fork of gvisor is used that has less defence-in-depth but can run without privileges. Sandboxing is automatically turned on in the Grist core container. It is not turned on automatically when built from source, since it is operating-system dependent. This diff may break a complex method of testing Grist with gvisor on macs that I may have been the only person using. If anyone complains I'll find time on a mac to fix it :) This diff includes a small "easter egg" to force document loads, primarily intended for developer use. Test Plan: existing tests pass; checked that core and saas docker builds function Reviewers: alexmojaki Reviewed By: alexmojaki Subscribers: alexmojaki Differential Revision: https://phab.getgrist.com/D3333 |
||
|---|---|---|
| .. | ||
| aclui | ||
| components | ||
| lib | ||
| models | ||
| ui | ||
| ui2018 | ||
| widgets | ||
| accountMain.ts | ||
| app.css | ||
| app.js | ||
| browserCheck.ts | ||
| declarations.d.ts | ||
| errorMain.ts | ||
| exposeModulesForTests.js | ||
| logo.css | ||
| tsconfig.json | ||