From a973919139240873e4fb038d49827a9d14b047ad Mon Sep 17 00:00:00 2001
From: Holger Huo <50446405+HolgerHuo@users.noreply.github.com>
Date: Tue, 15 Oct 2024 00:45:07 +0800
Subject: [PATCH] feat(clsi): sandboxed compiles
---
 docker-compose.yml | 12 +++++++++--
 server-ce/config/settings.js | 20 +++++++++++++++++++
 .../Features/Project/ProjectOptionsHandler.js | 2 +-
 3 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 2532cb7183..08df3c0301 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -20,7 +20,7 @@ services:
 #### Server Pro: Uncomment the following line to mount the docker ####
 #### socket, required for Sibling Containers to work ####
 ########################################################################
- # - /var/run/docker.sock:/var/run/docker.sock
+ - /var/run/docker.sock:/var/run/docker.sock
 environment:
 
 OVERLEAF_APP_NAME: Overleaf Community Edition
@@ -81,7 +81,15 @@ services:
 SANDBOXED_COMPILES: 'true'
 SANDBOXED_COMPILES_SIBLING_CONTAINERS: 'true'
 ### Bind-mount source for /var/lib/overleaf/data/compiles inside the container.
- SANDBOXED_COMPILES_HOST_DIR: '/home/user/sharelatex_data/data/compiles'
+ SANDBOXED_COMPILES_HOST_DIR: '/home/overleaf/sharelatex_data/data/compiles'
+ SANDBOXED_COMPILES_CONTAINER_TIMEOUT: 3600000
+ TEX_LIVE_DOCKER_IMAGE: "ghcr.io/lcpu-club/sharelatex-base:2024.1"
+ ALL_TEX_LIVE_DOCKER_IMAGES: "ghcr.io/lcpu-club/sharelatex-base:2024.1,ghcr.io/lcpu-club/sharelatex-base:2022.1,ghcr.io/lcpu-club/sharelatex-base:2020.1"
+ ALL_TEX_LIVE_DOCKER_IMAGE_NAMES: "TeX Live 2024,TeX Live 2022,TeX Live 2020"
+ DOCKER_RUNNER: true
+ DOCKER_USER: "www-data"
+
+ OVERLEAF_IS_SERVER_PRO: true
 
 ## Works with test LDAP server shown at bottom of docker compose
 # OVERLEAF_LDAP_URL: 'ldap://ldap:389'
diff --git a/server-ce/config/settings.js b/server-ce/config/settings.js
index 36224f0750..5fa61bde87 100644
--- a/server-ce/config/settings.js
+++ b/server-ce/config/settings.js
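Review bot: Uncommenting the `/var/run/docker.sock` bind-mount makes it the default for every deployment that uses this compose file, and the notice directly above it (`#### Server Pro: Uncomment the following line to mount the docker ####`) is now stale because the line is no longer commented. Anything inside the container that can talk to that socket controls the Docker daemon, which is root-equivalent on the host, so the mount should stay opt-in or at least carry a comment stating what it grants, e.g. `# Grants this container full control of the host Docker daemon; only needed for sandboxed compiles (SANDBOXED_COMPILES_SIBLING_CONTAINERS).` If sandboxed compiles are meant to be on by default, a restricted socket proxy in front of the daemon would narrow the API surface the web container can reach.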
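Review bot: `DOCKER_RUNNER: true` and `OVERLEAF_IS_SERVER_PRO: true` are bare YAML booleans while the neighbouring `SANDBOXED_COMPILES: 'true'` is a quoted string; compose generally normalises booleans back to the string `"true"` so the `=== 'true'` check in settings.js still matches, but quoting them the same way (`DOCKER_RUNNER: 'true'`) keeps the file consistent and removes the dependency on that normalisation. `SANDBOXED_COMPILES_CONTAINER_TIMEOUT: 3600000` reaches the process as a string either way, which matters for how settings.js consumes it. `OVERLEAF_IS_SERVER_PRO: true` in a Community Edition compose file also deserves a comment explaining why it is set, since it presumably switches on Server Pro code paths rather than just changing a label; confirm what it gates before shipping it as a default.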
@@ -47,11 +47,30 @@ const parseIntOrFail = function (value) {
 const DATA_DIR = '/var/lib/overleaf/data'
 const TMP_DIR = '/var/lib/overleaf/tmp'
+const images = process.env.ALL_TEX_LIVE_DOCKER_IMAGES.split(',')
+const imageNames = process.env.ALL_TEX_LIVE_DOCKER_IMAGE_NAMES.split(',')
+
+if (images.length !== imageNames.length) {
+ throw new Error(`image and imageName count mismatched`)
+}
+const allowedImageNames = []
+images.forEach((_, i) => {
+ allowedImageNames.push({imageName: images[i], imageDesc: imageNames[i]})
+});
+
 const settings = {
 clsi: {
 optimiseInDocker: process.env.OPTIMISE_PDF === 'true',
+ dockerRunner: process.env.DOCKER_RUNNER === 'true',
+ docker: {
+ maxContainerAge: process.env.SANDBOXED_COMPILES_CONTAINER_TIMEOUT,
+ image: process.env.TEX_LIVE_DOCKER_IMAGE,
+ user: process.env.DOCKER_USER,
+ },
 },
+ allowedImageNames: allowedImageNames,
+
 brandPrefix: '',
 allowAnonymousReadAndWriteSharing:
@@ -172,6 +191,7 @@ const settings = {
 clsiCacheDir: Path.join(DATA_DIR, 'cache'),
 // Where to write the output files to disk after running LaTeX
 outputDir: Path.join(DATA_DIR, 'output'),
+ sandboxedCompilesHostDir: process.env.SANDBOXED_COMPILES_HOST_DIR,
 },
 // Server Config
diff --git a/services/web/app/src/Features/Project/ProjectOptionsHandler.js b/services/web/app/src/Features/Project/ProjectOptionsHandler.js
index 5ca89ce145..3c3480144a 100644
--- a/services/web/app/src/Features/Project/ProjectOptionsHandler.js
+++ b/services/web/app/src/Features/Project/ProjectOptionsHandler.js
@@ -30,7 +30,7 @@ const ProjectOptionsHandler = {
 throw new Error(`invalid imageName: ${imageName}`)
 }
 const conditions = { _id: projectId }
-const update = { imageName: settings.imageRoot + '/' + imageName }
+const update = { imageName: imageName }
 return Project.updateOne(conditions, update, {})
 },
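Review bot: `process.env.ALL_TEX_LIVE_DOCKER_IMAGES.split(',')` and the `ALL_TEX_LIVE_DOCKER_IMAGE_NAMES` line right after it throw a TypeError at module load whenever either variable is unset, so every deployment that does not set both fails to start instead of simply offering no image choices. Because `allowedImageNames` is the allowlist that the `invalid imageName` check in the ProjectOptionsHandler hunk enforces on user-chosen images, it should degrade to an empty list and tolerate whitespace around the commas rather than crash; the fence below does that and replaces the `forEach`/`push` with a `map`. `maxContainerAge` is likewise assigned the raw environment string although this file already has `parseIntOrFail` for exactly that (it is the function in this hunk's header), so it should read `maxContainerAge: process.env.SANDBOXED_COMPILES_CONTAINER_TIMEOUT ? parseIntOrFail(process.env.SANDBOXED_COMPILES_CONTAINER_TIMEOUT) : undefined` — presumably the CLSI compares it numerically, confirm. The `;` after `})` is the only semicolon in the hunk while the surrounding lines omit them.
```javascript
// Allowlist of TeX Live images a user may select for a project, paired
// positionally with ALL_TEX_LIVE_DOCKER_IMAGE_NAMES; empty when unset.
const images = (process.env.ALL_TEX_LIVE_DOCKER_IMAGES || '')
  .split(',')
  .map(name => name.trim())
  .filter(Boolean)
const imageNames = (process.env.ALL_TEX_LIVE_DOCKER_IMAGE_NAMES || '')
  .split(',')
  .map(desc => desc.trim())
  .filter(Boolean)

if (images.length !== imageNames.length) {
  throw new Error('image and imageName count mismatched')
}
const allowedImageNames = images.map((imageName, i) => ({
  imageName,
  imageDesc: imageNames[i],
}))

// … unchanged: const settings = { clsi: { … }, … } …
```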
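Review bot: `const update = { imageName: imageName }` should use the shorthand `{ imageName }`. Dropping the `settings.imageRoot + '/'` prefix means the value persisted on the project is now exactly the allowlisted string from `ALL_TEX_LIVE_DOCKER_IMAGES` (a full registry reference in this patch's compose file); that is sound here because the `invalid imageName` allowlist check just above runs first, but any other reader of the stored image name or of `settings.imageRoot` that still expects the prefixed form, and projects already stored in the old form, now disagree with it. Confirm the CLSI side accepts the unprefixed value and decide whether existing projects need a migration. The enclosing method starts outside this hunk.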