You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Sandbox.jl currently leaks some information from the host system. You can use the basic example in the README to start a shell:
using Sandbox
config =SandboxConfig(
Dict("/"=> Sandbox.alpine_rootfs());
stdin=Base.stdin,
stdout=Base.stdout,
stderr=Base.stderr,
)
with_executor() do exe
run(exe, config, `/bin/sh`)
end
and here run the commands uname -n and hostname: they'll show the hostname of the host system. Also, the command env will show some environment variables, not many, which include SUDO_COMMAND, SUDO_USER (in case you're using a privileged runner) and SHELL from the host system.
Sandbox.jl
currently leaks some information from the host system. You can use the basic example in the README to start a shell:and here run the commands
uname -n
andhostname
: they'll show the hostname of the host system. Also, the commandenv
will show some environment variables, not many, which includeSUDO_COMMAND
,SUDO_USER
(in case you're using a privileged runner) andSHELL
from the host system.It'd be nice to not leak this information from the outside world inside the sandbox. For example, Elliot suggested we can optionally create a new UTS namespace to set the hostname: https://man7.org/linux/man-pages/man7/uts_namespaces.7.html, https://man7.org/linux/man-pages/man2/gethostname.2.html
The text was updated successfully, but these errors were encountered: