gristlabs_grist-core/app/server/lib
Paul Fitzpatrick 134ae99e9a (core) add gvisor-based sandboxing to core
Summary:
This adds support for gvisor sandboxing in core. When Grist is run outside of a container, regular gvisor can be used (if on linux), and will run in rootless mode. When Grist is run inside a container, docker's default policy is insufficient for running gvisor, so a fork of gvisor is used that has less defence-in-depth but can run without privileges.

Sandboxing is automatically turned on in the Grist core container. It is not turned on automatically when built from source, since it is operating-system dependent.

This diff may break a complex method of testing Grist with gvisor on macs that I may have been the only person using. If anyone complains I'll find time on a mac to fix it :)

This diff includes a small "easter egg" to force document loads, primarily intended for developer use.

Test Plan: existing tests pass; checked that core and saas docker builds function

Reviewers: alexmojaki

Reviewed By: alexmojaki

Subscribers: alexmojaki

Differential Revision: https://phab.getgrist.com/D3333
2022-03-24 17:04:49 -04:00
..
ACLFormula.ts (core) add OWNERS='owners', EDITOR='editors', VIEWER='viewers' to condition formulas 2021-03-19 18:20:33 -04:00
ActionHistory.ts (core) do not look at content of recent actions when loading documents 2021-09-29 11:27:02 -04:00
ActionHistoryImpl.ts Correct spelling mistakes 2022-02-19 09:46:49 +00:00
ActionSummary.ts Correct spelling mistakes 2022-02-19 09:46:49 +00:00
ActiveDoc.ts (core) add gvisor-based sandboxing to core 2022-03-24 17:04:49 -04:00
ActiveDocImport.ts (core) Fix error when canceling import 2022-03-10 16:24:49 -08:00
AppEndpoint.ts (core) make Grist easier to run with a single server 2022-03-05 13:30:45 -05:00
Authorizer.ts (core) disentangle some server tests, release to core, add GRIST_PROXY_AUTH_HEADER test 2022-03-24 15:11:32 -04:00
BrowserSession.ts (core) add a user.SessionID value for trigger formulas and granular access rules 2022-02-22 12:50:43 -05:00
checksumFile.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
Client.ts (core) add a user.SessionID value for trigger formulas and granular access rules 2022-02-22 12:50:43 -05:00
Comm.js style fixes 2022-03-14 17:51:10 +01:00
dbUtils.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
DiscourseConnect.ts (core) Implement DiscourseConnect to enable easy sign-in to community forum 2021-10-01 11:24:22 -04:00
DocApi.ts (core) Clean up and refactor uses of HomeDBManager.getDoc 2022-03-24 13:42:36 +02:00
DocClients.ts (core) Add LogMethods helper and use it for more JSON data in logs. Reduce unhelpful logging. 2021-10-25 10:25:18 -04:00
DocManager.ts (core) Clean up and refactor uses of HomeDBManager.getDoc 2022-03-24 13:42:36 +02:00
DocPluginData.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
DocPluginManager.ts Correct spelling mistakes 2022-02-19 09:46:49 +00:00
DocSession.ts (core) add a user.SessionID value for trigger formulas and granular access rules 2022-02-22 12:50:43 -05:00
DocSnapshots.ts (core) Prune snapshots outside the window in product features 2022-03-18 18:48:14 +02:00
DocStorage.ts (core) More accurate data size measurement 2022-03-09 12:04:16 +02:00
DocStorageManager.ts (core) uncheck FullCopy special when copying/forking a document 2021-04-29 08:56:54 -04:00
docUtils.d.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
docUtils.js Correct spelling mistakes 2022-02-19 09:46:49 +00:00
DocWorker.ts (core) Clean up and refactor uses of HomeDBManager.getDoc 2022-03-24 13:42:36 +02:00
DocWorkerMap.ts (core) Enforce daily limit on API usage 2022-03-22 00:22:45 +02:00
ExcelFormatter.ts (core) Custom Widget column mapping feature. 2022-02-08 17:41:04 +01:00
ExpandedQuery.ts Correct spelling mistakes 2022-02-19 09:46:49 +00:00
Export.ts (core) Use MetaTableData more 2021-12-07 17:09:58 +02:00
ExportCSV.ts (core) Use MetaTableData more 2021-12-07 17:09:58 +02:00
ExportXLSX.ts (core) Exposing more descriptive errors from exports 2021-11-30 17:26:32 +01:00
expressWrap.ts (core) Add new Grist sign-up page 2022-02-14 10:32:47 -08:00
ExternalStorage.ts Correct spelling mistakes 2022-02-19 09:46:49 +00:00
extractOrg.ts (core) Add new Grist sign-up page 2022-02-14 10:32:47 -08:00
FileParserElement.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
filterUtils.ts (core) uncheck FullCopy special when copying/forking a document 2021-04-29 08:56:54 -04:00
FlexServer.ts (core) Clean up and refactor uses of HomeDBManager.getDoc 2022-03-24 13:42:36 +02:00
GoogleAuth.ts (core) Exposing more descriptive errors from exports 2021-11-30 17:26:32 +01:00
GoogleExport.ts (core) support python3 in grist-core, and running engine via docker and/or gvisor 2021-07-28 09:02:32 -04:00
GoogleImport.ts (core) Extending Google Drive integration scope 2021-10-01 10:47:12 +02:00
GranularAccess.ts (core) Crudely show row count and limit in UI 2022-03-14 21:49:32 +02:00
GristServer.ts (core) Clean up and refactor uses of HomeDBManager.getDoc 2022-03-24 13:42:36 +02:00
gristSessions.ts (core) Implement DiscourseConnect to enable easy sign-in to community forum 2021-10-01 11:24:22 -04:00
guessExt.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
HashUtil.ts (core) add more detail to /compare endpoint 2020-09-18 16:31:29 -04:00
HostedMetadataManager.ts Correct spelling mistakes 2022-02-19 09:46:49 +00:00
HostedStorageManager.ts (core) Prune snapshots outside the window in product features 2022-03-18 18:48:14 +02:00
IBilling.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
IChecksumStore.ts (core) revamp snapshot inventory 2020-10-30 13:52:46 -04:00
ICreate.ts (core) clean up a collection of small problems affecting grist-core 2021-08-17 21:44:50 -04:00
IDocStorageManager.ts (core) uncheck FullCopy special when copying/forking a document 2021-04-29 08:56:54 -04:00
idUtils.ts (core) start reconciling forking with granular access 2021-01-12 14:08:49 -05:00
IElectionStore.ts (core) move some material to core that slipped through in a rebase 2020-07-23 11:29:05 -04:00
initialDocSql.ts (core) Conditional formatting rules 2022-03-23 13:15:02 +01:00
INotifier.ts (core) add a tool for deleting a user 2021-09-29 12:08:23 -04:00
ISandbox.ts (core) New type conversion in the backend 2022-02-04 20:28:13 +02:00
IShell.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
ITestingHooks-ti.ts (core) be careful when reassigning a doc to a worker it was on before 2022-03-08 17:20:01 -05:00
ITestingHooks.ts (core) be careful when reassigning a doc to a worker it was on before 2022-03-08 17:20:01 -05:00
log.ts (core) give instructions on using Grist with docker 2020-10-28 13:59:13 -04:00
LogMethods.ts (core) Add LogMethods helper and use it for more JSON data in logs. Reduce unhelpful logging. 2021-10-25 10:25:18 -04:00
manifest.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
MinimalLogin.ts (core) make Grist easier to run with a single server 2022-03-05 13:30:45 -05:00
NSandbox.ts (core) add gvisor-based sandboxing to core 2022-03-24 17:04:49 -04:00
OnDemandActions.ts (core) Use MetaTableData more 2021-12-07 17:09:58 +02:00
PermissionInfo.ts (core) Add 'user' variable to trigger formulas 2021-07-15 15:18:32 -07:00
Permit.ts (core) revive saml support and test against Auth0 2021-08-16 17:36:09 -04:00
places.ts (core) fix docker packaging after core shuffle 2020-07-22 14:45:42 -04:00
PluginEndpoint.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
PluginManager.ts Correct spelling mistakes 2022-02-19 09:46:49 +00:00
reportTimeTaken.ts (core) Log the time taken by decodeActionFromRow() operations. 2021-08-20 11:28:33 -04:00
requestUtils.ts (core) Clean up and refactor uses of HomeDBManager.getDoc 2022-03-24 13:42:36 +02:00
RowAccess.ts (core) Add rules to eslint to better match our coding conventions. 2021-05-24 12:56:18 -04:00
SafePythonComponent.ts (core) Move file import plugins into core/sandbox/grist 2021-08-09 18:37:14 +02:00
SamlConfig.ts Fix typo in email fallback for SAML 2022-02-20 02:39:30 -08:00
SandboxControl.ts (core) freshen tests for python3 2021-11-10 10:46:12 -05:00
sandboxUtil.js (core) move home server into core 2020-07-21 20:39:10 -04:00
sendAppPage.ts (core) Record new user sign-ups 2022-03-12 14:34:46 -08:00
ServerColumnGetters.ts (core) Adding sort options for columns. 2021-11-03 15:31:39 +01:00
ServerLocale.ts (core) Simple localization support and currency selector. 2021-08-26 13:36:49 -07:00
serverUtils.ts (core) support setting python version of new docs with PYTHON_VERSION_ON_CREATION 2021-11-05 10:51:18 -04:00
Sessions.ts (core) make Grist easier to run with a single server 2022-03-05 13:30:45 -05:00
Sharing.ts (core) Crudely show row count and limit in UI 2022-03-14 21:49:32 +02:00
shortDesc.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
shutdown.js (core) move home server into core 2020-07-21 20:39:10 -04:00
SQLiteDB.ts (core) forbid use of sqlite ATTACH except during VACUUM 2022-03-14 09:34:44 -04:00
TableMetadataLoader.ts (core) open documents without blocking on data engine 2021-10-01 10:18:56 -04:00
TagChecker.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
TestingHooks.ts (core) be careful when reassigning a doc to a worker it was on before 2022-03-08 17:20:01 -05:00
TestLogin.ts (core) move more tests to grist-core 2021-12-10 18:33:07 -05:00
Throttle.ts (core) tweak throttling to work for gvisor/runsc 2021-11-04 17:23:43 -04:00
TimeQuery.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
Triggers.ts (core) Use MetaTableData more 2021-12-07 17:09:58 +02:00
UnsafeNodeComponent.ts (core) move home server into core 2020-07-21 20:39:10 -04:00
uploads.ts (core) make Grist easier to run with a single server 2022-03-05 13:30:45 -05:00
WidgetRepository.ts (core) Widget options api 2022-01-13 11:10:17 +01:00
WorkCoordinator.ts (core) move home server into core 2020-07-21 20:39:10 -04:00