Refactor Sandboxed Compiles

2026-05-23 17:19:37 +02:00 · 2025-05-13 17:13:27 +02:00
parent c04a1ddd02
commit 30be4f1428
4 changed files with 24 additions and 39 deletions
--- a/server-ce/config/settings.js
+++ b/server-ce/config/settings.js
@@ -464,35 +464,6 @@ switch (process.env.OVERLEAF_FILESTORE_BACKEND) {
    }
 }

-// Overleaf Extended CE Compiler options to enable sandboxed compiles.
-// -----------
-if (process.env.SANDBOXED_COMPILES === 'true') {
-  settings.clsi = {
-    ...settings.clsi,
-    dockerRunner: true,
-    docker: {
-      image: process.env.TEX_LIVE_DOCKER_IMAGE,
-      user:  process.env.TEX_LIVE_DOCKER_USER || 'www-data',
-    }
-  }
-
-  if (settings.path == null) {
-    settings.path = {}
-  }
-  settings.path.synctexBaseDir = () => '/compile'
-  if (process.env.SANDBOXED_COMPILES_SIBLING_CONTAINERS === 'true') {
-    console.log('Using sibling containers for sandboxed compiles')
-    if (process.env.SANDBOXED_COMPILES_HOST_DIR) {
-      settings.path.sandboxedCompilesHostDir =
-        process.env.SANDBOXED_COMPILES_HOST_DIR
-    } else {
-      console.error(
-        'Sibling containers, but SANDBOXED_COMPILES_HOST_DIR not set'
-      )
-    }
-  }
-}
-
 // With lots of incoming and outgoing HTTP connections to different services,
 // sometimes long running, it is a good idea to increase the default number
 // of sockets that Node will hold open.
--- a/services/clsi/config/settings.defaults.js
+++ b/services/clsi/config/settings.defaults.js
@@ -107,7 +107,7 @@ if ((process.env.DOCKER_RUNNER || process.env.SANDBOXED_COMPILES) === 'true') {
        CLSI: 1,
      },
      socketPath: '/var/run/docker.sock',
-      user: process.env.TEXLIVE_IMAGE_USER || 'tex',
+      user: process.env.TEXLIVE_IMAGE_USER || 'www-data',
    },
    optimiseInDocker: true,
    expireProjectAfterIdleMs: 24 * 60 * 60 * 1000,
--- a/services/web/config/settings.defaults.js
+++ b/services/web/config/settings.defaults.js
@@ -1008,6 +1008,7 @@ module.exports = {
    'launchpad',
    'server-ce-scripts',
    'user-activate',
+    'sandboxed-compiles',
    'symbol-palette',
    'track-changes',
    'authentication/ldap',
@@ -1041,15 +1042,6 @@ module.exports = {
    enabled: false,
  },

-  allowedImageNames: process.env.SANDBOXED_COMPILES === 'true'
-    ? parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGES)
-        .map((imageName, index) => ({
-          imageName,
-          imageDesc: parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGE_NAMES)[index]
-            || imageName.split(':')[1],
-        }))
-    : undefined,
-
  oauthProviders: {
    ...(process.env.EXTERNAL_AUTH && process.env.EXTERNAL_AUTH.includes('oidc') && {
      [process.env.OVERLEAF_OIDC_PROVIDER_ID || 'oidc']: {
--- a/services/web/modules/sandboxed-compiles/index.mjs
+++ b/services/web/modules/sandboxed-compiles/index.mjs
@@ -0,0 +1,22 @@
+import Settings from '@overleaf/settings'
+
+const parseTextExtensions = function (extensions) {
+  if (extensions) {
+    return extensions.split(',').map(ext => ext.trim())
+  } else {
+    return []
+  }
+}
+
+if (process.env.SANDBOXED_COMPILES === 'true') {
+  Settings.allowedImageNames = parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGES)
+    .map((imageName, index) => ({
+      imageName,
+      imageDesc: parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGE_NAMES)[index]
+        || imageName.split(':')[1],
+    }))
+  if(!process.env.TEX_LIVE_DOCKER_IMAGE) {
+    process.env.TEX_LIVE_DOCKER_IMAGE = Settings.allowedImageNames[0].imageName
+  }
+  Settings.currentImageName = process.env.TEX_LIVE_DOCKER_IMAGE
+}