langgenius / dify-sandbox

A lightweight, fast, and secure code execution environment that supports multiple programming languages
https://docs.dify.ai/development/backend/sandbox
Apache License 2.0
412 stars 93 forks

allow to set ALLOWED_SYSCALLS environment variables #45

Closed tmokmss closed 2 months ago

tmokmss commented 2 months ago

Use case: I want to allow certain system calls without rebuilding the sandbox binary, in order to use some additional packages.

The ALLOWED_SYSCALLS is read here in the child process:

https://github.com/langgenius/dify-sandbox/blob/d848aa91a1669b4a1f5052f53993445f4c8163b1/internal/core/lib/python/add_seccomp.go#L31-L40

Let me know if there is any reason to deny setting the ALLOWED_SYSCALLS environment variable dynamically 🙏

Yeuoly commented 2 months ago

This environment variable is designed for debugging: we can quickly dig out which syscall is required but missed. Setting it globally could bring some risks. For example, someone makes it unlimited to ensure everything works fine, but at the same time it increases risks.

But it's valuable sometimes, so I think it can be merged.

Yeuoly commented 2 months ago

But you had better make it a config here: https://github.com/langgenius/dify-sandbox/blob/main/internal/types/config.go

Yeuoly commented 2 months ago

And comment it with "Please leave it empty if you have no idea how seccomp works"

tmokmss commented 2 months ago

@Yeuoly Thanks, I made it a config value. I agree that it increases risks, but there are use cases where we can compromise (e.g. using self-hosted Dify just for their own use).

tmokmss commented 2 months ago

@Yeuoly Hi, gentle reminder just in case you missed clicking the merge button.
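
Added example, not code from this PR or from dify-sandbox: one way a config loader could validate an extra-syscall list before it reaches the seccomp filter, so that a typo or an "allow everything" value is caught at startup. The comma-separated number format, the name `ParseAllowedSyscalls`, the cap of 32 and the x86_64 risk list are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Constructed list for illustration: x86_64 syscall numbers that weaken a
// sandbox when allowed. Not taken from dify-sandbox.
var riskySyscalls = map[int]string{
	101: "ptrace", 165: "mount", 175: "init_module", 246: "kexec_load",
	272: "unshare", 308: "setns", 313: "finit_module", 321: "bpf",
}

const maxExtraSyscalls = 32 // assumed cap so the list cannot grow into "allow everything"

// ParseAllowedSyscalls validates a comma-separated list of syscall numbers
// (assumed format) and returns the sorted, de-duplicated list plus warnings.
func ParseAllowedSyscalls(raw string) (nums []int, warnings []string, err error) {
	if strings.TrimSpace(raw) == "" {
		return nil, nil, nil // empty: keep only the built-in allow-list
	}
	seen := map[int]bool{}
	for _, field := range strings.Split(raw, ",") {
		n, convErr := strconv.Atoi(strings.TrimSpace(field))
		if convErr != nil || n < 0 {
			return nil, nil, fmt.Errorf("invalid syscall number %q", field)
		}
		if seen[n] {
			continue
		}
		seen[n] = true
		nums = append(nums, n)
		if name, ok := riskySyscalls[n]; ok {
			warnings = append(warnings, fmt.Sprintf("syscall %d (%s) weakens the sandbox", n, name))
		}
	}
	if len(nums) > maxExtraSyscalls {
		return nil, nil, fmt.Errorf("%d extra syscalls exceeds cap of %d", len(nums), maxExtraSyscalls)
	}
	sort.Ints(nums)
	return nums, warnings, nil
}

func main() {
	nums, warns, err := ParseAllowedSyscalls("41, 42,101,41") // constructed input
	fmt.Println(nums, warns, err)
}
```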