secure python execution

make snekbox a class adds nsjail 2.5 (compiled on alpine 3.7) execute python code via nsjail
author: Christopher Baklid <[email protected]> 2018-05-30 19:52:07 +0200
committer: GitHub <[email protected]> 2018-05-30 19:52:07 +0200
commit: 7f756fd7f709bc74b3eb558dccb44607844fedb4 (patch)
tree: 5844b9023466373233094a5de2ae3c192dd9b67b /docker
parent: typo in debug output (diff)
1 files changed, 3 insertions, 5 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile
index cb25d34..52e6b25 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,8 +1,7 @@
 FROM python:3.6-alpine3.7
 
-RUN apk add --update tini
+RUN apk add --no-cache libstdc++ protobuf
 RUN apk add --update build-base
-RUN addgroup -g 1000 -S snek && adduser -u 1000 -S snek -G snek
 
 ENV PIPENV_VENV_IN_PROJECT=1
 ENV PIPENV_IGNORE_VIRTUALENVS=1
@@ -20,8 +19,7 @@ WORKDIR /snekbox
 
 RUN pipenv sync
 
-RUN chown -R snek:snek /snekbox
-USER snek
+RUN cp binaries/nsjail /usr/sbin/nsjail
+RUN chmod +x /usr/sbin/nsjail
 
-ENTRYPOINT ["/sbin/tini", "--"]
 CMD ["pipenv", "run", "snekbox"]
author	Christopher Baklid <[email protected]>	2018-05-30 19:52:07 +0200
committer	GitHub <[email protected]>	2018-05-30 19:52:07 +0200
commit	7f756fd7f709bc74b3eb558dccb44607844fedb4 (patch)
tree	5844b9023466373233094a5de2ae3c192dd9b67b /docker
parent	typo in debug output (diff)