github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-11-07 20:31:06 -05:00
Code Issues Projects Releases Packages Wiki Activity

add option for apparmor profile

Browse source
This commit is contained in:
Brian Gough 2021-07-21 14:53:35 +01:00
parent 3de07dbef2
commit 262793c04f
2 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
services/clsi/app/js/DockerRunner.js
View file

@ -270,6 +270,12 @@ const DockerRunner = {
)
}
if (Settings.clsi.docker.apparmor_profile != null) {
options.HostConfig.SecurityOpt.push(
`apparmor=${Settings.clsi.docker.apparmor_profile}`
)
}
if (Settings.clsi.docker.runtime) {
options.HostConfig.Runtime = Settings.clsi.docker.runtime
}

9
services/clsi/config/settings.defaults.js
View file

@ -143,6 +143,15 @@ if (process.env.DOCKER_RUNNER) {
process.exit(1)
}
if (process.env.APPARMOR_PROFILE) {
try {
module.exports.clsi.docker.apparmor_profile = process.env.APPARMOR_PROFILE
} catch (error) {
console.error(error, 'could not apply apparmor profile setting')
process.exit(1)
}
}
if (process.env.ALLOWED_IMAGES) {
try {
module.exports.clsi.docker.allowedImages =