run_code as a user instead of root #94
base: main
Changes from 14 commits
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
--- | ||
'@e2b/code-interpreter-template': patch | ||
'@e2b/code-interpreter-python': patch | ||
'@e2b/code-interpreter': patch | ||
--- | ||
|
||
adds the ability to set the user for new contexts |
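Review bot: The `patch` bump and the one-line description understate what ships here: the same PR moves the template's start command and config paths from /root to /home/user, which the author's inline comment on the e2b.toml change calls a breaking change. State in the changeset body that the template now runs as `user` and that the start-up script path has moved, so people building on the template see it in the changelog, and reconsider whether `patch` is the right level for the template package.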
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,10 +9,9 @@ | |
# JS SDK | ||
# import { Sandbox } from 'e2b' | ||
# const sandbox = await Sandbox.create('code-interpreter-v1') | ||
|
||
team_id = "460355b3-4f64-48f9-9a16-4442817f79f5" | ||
memory_mb = 1_024 | ||
start_cmd = "/root/.jupyter/start-up.sh" | ||
start_cmd = "sudo -u user /home/user/.jupyter/start-up.sh" | ||
one thing: this is a breaking change, should I put a script in /root/.jupyter/start-up.sh that just calls the actual start-up.sh with sudo -u user? |
||
dockerfile = "e2b.Dockerfile" | ||
template_name = "code-interpreter-v1" | ||
template_id = "nlhz8vlwyupq845jsdg9" | ||
template_id = "nlhz8vlwyupq845jsdg9" | ||
mishushakov marked this conversation as resolved.
|
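Review bot: The new `start_cmd` leaves nothing at the old /root/.jupyter/start-up.sh path, so a custom template whose own start command still points there would stop starting after a rebuild; the wrapper question raised in the inline comment should be settled before merge. The command also now depends on the `sudo` package and the `user` account that the Dockerfile adds, which is worth a comment next to `start_cmd` for anyone deriving an image from this one. The `template_id` line shows as removed and re-added with identical visible text, which looks like a whitespace or end-of-file change; confirm it is intended.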
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,26 +1,34 @@ | ||
FROM python:3.10.14 | ||
|
||
ENV HOME=/home/user | ||
|
||
ENV JAVA_HOME=/opt/java/openjdk | ||
COPY --from=eclipse-temurin:11-jdk $JAVA_HOME $JAVA_HOME | ||
ENV PATH="${JAVA_HOME}/bin:${PATH}" | ||
|
||
RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y --no-install-recommends \ | ||
build-essential curl git util-linux jq sudo fonts-noto-cjk | ||
|
||
# Create new user with root privileges while keeping root user | ||
RUN useradd -m -s /bin/bash user && \ | ||
echo 'user ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && \ | ||
echo 'user:password' | chpasswd && \ | ||
usermod -aG sudo user | ||
|
||
# Install Node.js 20.x from NodeSource | ||
RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \ | ||
apt-get install -y nodejs | ||
|
||
ENV PIP_DEFAULT_TIMEOUT=100 \ | ||
PIP_DISABLE_PIP_VERSION_CHECK=1 \ | ||
PIP_NO_CACHE_DIR=1 \ | ||
JUPYTER_CONFIG_PATH="/root/.jupyter" \ | ||
IPYTHON_CONFIG_PATH="/root/.ipython" \ | ||
SERVER_PATH="/root/.server" | ||
JUPYTER_CONFIG_PATH="$HOME/.jupyter" \ | ||
IPYTHON_CONFIG_PATH="$HOME/.ipython" \ | ||
SERVER_PATH="$HOME/.server" | ||
|
||
# Install Jupyter | ||
COPY ./template/requirements.txt requirements.txt | ||
RUN pip install --no-cache-dir -r requirements.txt && ipython kernel install --name "python3" --user | ||
RUN pip install --no-cache-dir -r requirements.txt && ipython kernel install --name "python3" | ||
|
||
# Javascript Kernel | ||
RUN npm install -g --unsafe-perm ijavascript | ||
|
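Review bot: In the useradd block, `echo 'user:password' | chpasswd` gives the account a fixed, publicly known password, and combined with `user ALL=(ALL) NOPASSWD:ALL` it means running code as `user` is a convenience default, not a privilege boundary. Since sudo is already passwordless the chpasswd line looks unnecessary: drop it or leave the password locked, and put the sudoers rule in a file under /etc/sudoers.d rather than appending to /etc/sudoers (the `usermod -aG sudo user` line is then redundant as well). The comment above the block says root privileges are intended, so the PR description should say plainly that this change does not isolate executed code from root. Separately, `ipython kernel install` loses `--user` here, which changes where the python3 kernelspec is installed; a short comment explaining why would help.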
@@ -33,8 +41,12 @@ COPY ./template/.ts.swcrc $SERVER_PATH/.ts.swcrc | |
# Deno Kernel | ||
COPY --from=denoland/deno:bin-2.0.4 /deno /usr/bin/deno | ||
RUN chmod +x /usr/bin/deno | ||
RUN deno jupyter --unstable --install | ||
COPY ./template/deno.json /root/.local/share/jupyter/kernels/deno/kernel.json | ||
RUN deno jupyter --unstable --install && \ | ||
mkdir -p /usr/local/share/jupyter/kernels/deno && \ | ||
mv $HOME/.local/share/jupyter/kernels/deno/* /usr/local/share/jupyter/kernels/deno/ && \ | ||
rmdir $HOME/.local/share/jupyter/kernels/deno | ||
|
||
COPY ./template/deno.json /usr/local/share/jupyter/kernels/deno/kernel.json | ||
|
||
# Create separate virtual environment for server | ||
RUN python -m venv $SERVER_PATH/.venv | ||
|
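Review bot: The `mv $HOME/.local/share/jupyter/kernels/deno/* ...` step moves only non-hidden entries and leaves its paths unquoted, so if the installer ever writes a dotfile into that directory the following `rmdir` fails and the build stops with an error that does not point at the cause. Moving the directory itself into /usr/local/share/jupyter/kernels (after `mkdir -p` of that parent) removes the need for both the glob and the `rmdir`. A one-line comment on why the kernelspec is relocated out of $HOME, presumably so it does not depend on which user's home it was installed into, would also help the next reader.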
@@ -46,7 +58,7 @@ RUN $SERVER_PATH/.venv/bin/pip install --no-cache-dir -r $SERVER_PATH/requiremen | |
COPY ./template/server $SERVER_PATH | ||
|
||
# Copy matplotlibrc | ||
COPY ./template/matplotlibrc /root/.config/matplotlib/matplotlibrc | ||
COPY ./template/matplotlibrc $HOME/.config/matplotlib/matplotlibrc | ||
|
||
# Copy Jupyter configuration | ||
COPY ./template/start-up.sh $JUPYTER_CONFIG_PATH/ | ||
|
@@ -61,7 +73,12 @@ RUN mkdir -p $IPYTHON_CONFIG_PATH/profile_default/startup | |
COPY ./template/startup_scripts/* $IPYTHON_CONFIG_PATH/profile_default/startup | ||
|
||
# Setup entrypoint for local development | ||
WORKDIR /home/user | ||
WORKDIR $HOME | ||
COPY ./chart_data_extractor ./chart_data_extractor | ||
RUN pip install -e ./chart_data_extractor | ||
|
||
# Change ownership of all files to user | ||
RUN chown -R user:user $HOME | ||
|
||
USER user | ||
Comment on lines +79 to +83
why are you doing it as last thing? If you would set the user as a first thing you probably don't need to change the ownership
the problem here is: "user" does not exist in python image so this is why it's the last |
||
ENTRYPOINT $JUPYTER_CONFIG_PATH/start-up.sh |
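Review bot: `chown -R user:user $HOME` hands the account that runs submitted code ownership of everything under /home/user, and with `SERVER_PATH="$HOME/.server"` and `JUPYTER_CONFIG_PATH="$HOME/.jupyter"` set earlier in this file that includes the server code, its virtualenv and `start-up.sh`. With the passwordless sudo rule added above this changes little today, but it rules out tightening later; if the server is ever meant to stay trustworthy while code runs as `user`, keep it outside $HOME or root-owned. On the build side, a recursive chown in its own `RUN` rewrites every file under $HOME into a new layer; since `useradd` already runs near the top of the file, `COPY --chown=user:user` on the individual COPY steps would avoid that without needing `USER user` any earlier.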