fix(sandbox): add remove_dir/remove_file permissions to sandbox

qkaiser · qkaiser · commit ac9cf6d74185 · 2025-01-23T17:37:43.000+01:00
When an extraction directory is empty, unblob will try to delete it.

This can lead to PermissionError due to insufficient permissions within
the sandbox. The same can happen when deleting files.

We therefore allow unblob to delete directories and files from the
extraction directory with the remove_dir and remove_file permissions.
diff --git a/unblob/sandbox.py b/unblob/sandbox.py
@@ -47,6 +47,8 @@ def __init__(
             AccessFS.read_write("/dev/shm"),  # noqa: S108
             # Extracted contents
             AccessFS.read_write(config.extract_root),
+            AccessFS.remove_dir(config.extract_root),
+            AccessFS.remove_file(config.extract_root),
             AccessFS.make_dir(config.extract_root.parent),
             AccessFS.read_write(log_path),
             *extra_passthrough,
