diff --git a/server-ce/config/settings.js b/server-ce/config/settings.js
index 02e11483dc..a7e8219858 100644
--- a/server-ce/config/settings.js
+++ b/server-ce/config/settings.js
@@ -464,35 +464,6 @@ switch (process.env.OVERLEAF_FILESTORE_BACKEND) {
 }
 }
 
-// Overleaf Extended CE Compiler options to enable sandboxed compiles.
-// -----------
-if (process.env.SANDBOXED_COMPILES === 'true') {
- settings.clsi = {
- ...settings.clsi,
- dockerRunner: true,
- docker: {
- image: process.env.TEX_LIVE_DOCKER_IMAGE,
- user: process.env.TEX_LIVE_DOCKER_USER || 'www-data',
- }
- }
-
- if (settings.path == null) {
- settings.path = {}
- }
- settings.path.synctexBaseDir = () => '/compile'
- if (process.env.SANDBOXED_COMPILES_SIBLING_CONTAINERS === 'true') {
- console.log('Using sibling containers for sandboxed compiles')
- if (process.env.SANDBOXED_COMPILES_HOST_DIR) {
- settings.path.sandboxedCompilesHostDir =
- process.env.SANDBOXED_COMPILES_HOST_DIR
- } else {
- console.error(
- 'Sibling containers, but SANDBOXED_COMPILES_HOST_DIR not set'
- )
- }
- }
-}
-
 // With lots of incoming and outgoing HTTP connections to different services,
 // sometimes long running, it is a good idea to increase the default number
 // of sockets that Node will hold open.
diff --git a/services/clsi/config/settings.defaults.js b/services/clsi/config/settings.defaults.js
index 1d82258a8e..bd5614eb98 100644
--- a/services/clsi/config/settings.defaults.js
+++ b/services/clsi/config/settings.defaults.js
@@ -107,7 +107,7 @@ if ((process.env.DOCKER_RUNNER || process.env.SANDBOXED_COMPILES) === 'true') {
 CLSI: 1,
 },
 socketPath: '/var/run/docker.sock',
- user: process.env.TEXLIVE_IMAGE_USER || 'tex',
+ user: process.env.TEXLIVE_IMAGE_USER || 'www-data',
 },
 optimiseInDocker: true,
 expireProjectAfterIdleMs: 24 * 60 * 60 * 1000,
diff --git a/services/web/config/settings.defaults.js b/services/web/config/settings.defaults.js
index 76fc0f5f0f..acfff367f6 100644
--- a/services/web/config/settings.defaults.js
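Review bot: The `user:` default in services/clsi/config/settings.defaults.js reads only `TEXLIVE_IMAGE_USER`, while the server-ce block removed in this same commit read `TEX_LIVE_DOCKER_USER`. Unless that variable is still consumed somewhere outside this diff, a deployment that set it to choose the account compile containers run as will silently fall back to `www-data`. Consider keeping the old name as a fallback, `user: process.env.TEXLIVE_IMAGE_USER || process.env.TEX_LIVE_DOCKER_USER || 'www-data',`, or documenting the rename in the upgrade notes. The enclosing `docker` settings object starts and ends outside the hunk.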
+++ b/services/web/config/settings.defaults.js
@@ -1008,6 +1008,7 @@ module.exports = {
 'launchpad',
 'server-ce-scripts',
 'user-activate',
+ 'sandboxed-compiles',
 'symbol-palette',
 'track-changes',
 'authentication/ldap',
@@ -1041,15 +1042,6 @@ module.exports = {
 enabled: false,
 },
 
- allowedImageNames: process.env.SANDBOXED_COMPILES === 'true'
- ? parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGES)
- .map((imageName, index) => ({
- imageName,
- imageDesc: parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGE_NAMES)[index]
- || imageName.split(':')[1],
- }))
- : undefined,
-
 oauthProviders: {
 ...(process.env.EXTERNAL_AUTH && process.env.EXTERNAL_AUTH.includes('oidc') && {
 [process.env.OVERLEAF_OIDC_PROVIDER_ID || 'oidc']: {
diff --git a/services/web/modules/sandboxed-compiles/index.mjs b/services/web/modules/sandboxed-compiles/index.mjs
new file mode 100644
index 0000000000..d494a3eec4
--- /dev/null
+++ b/services/web/modules/sandboxed-compiles/index.mjs
@@ -0,0 +1,22 @@
+import Settings from '@overleaf/settings'
+
+const parseTextExtensions = function (extensions) {
+ if (extensions) {
+ return extensions.split(',').map(ext => ext.trim())
+ } else {
+ return []
+ }
+}
+
+if (process.env.SANDBOXED_COMPILES === 'true') {
+ Settings.allowedImageNames = parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGES)
+ .map((imageName, index) => ({
+ imageName,
+ imageDesc: parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGE_NAMES)[index]
+ || imageName.split(':')[1],
+ }))
+ if(!process.env.TEX_LIVE_DOCKER_IMAGE) {
+ process.env.TEX_LIVE_DOCKER_IMAGE = Settings.allowedImageNames[0].imageName
+ }
+ Settings.currentImageName = process.env.TEX_LIVE_DOCKER_IMAGE
+}
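Review bot: `Settings.allowedImageNames[0].imageName` in the new services/web/modules/sandboxed-compiles/index.mjs throws a TypeError at module load when `SANDBOXED_COMPILES` is `'true'` but both `ALL_TEX_LIVE_DOCKER_IMAGES` and `TEX_LIVE_DOCKER_IMAGE` are unset or empty, because `parseTextExtensions` returns `[]` in that case. Separately, a `TEX_LIVE_DOCKER_IMAGE` that is set gets copied to `Settings.currentImageName` without checking that it appears in `allowedImageNames`, so the default compile image can sit outside the list that appears intended to restrict which images may be used. Both cases are better rejected at startup with an explicit configuration error, as sketched below. `imageName.split(':')[1]` also gives a misleading description for a registry reference that includes a port (constructed example: `registry.example:5000/texlive:2023`) and `undefined` for an untagged image, so deriving the tag from the text after the last `/` would be safer.

```javascript
if (process.env.SANDBOXED_COMPILES === 'true') {
  const imageNames = parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGES)
  if (imageNames.length === 0) {
    throw new Error(
      'SANDBOXED_COMPILES is enabled but ALL_TEX_LIVE_DOCKER_IMAGES is empty'
    )
  }
  // … unchanged: Settings.allowedImageNames = imageNames.map(...) building imageName/imageDesc …
  process.env.TEX_LIVE_DOCKER_IMAGE ||= imageNames[0]
  if (!imageNames.includes(process.env.TEX_LIVE_DOCKER_IMAGE)) {
    throw new Error(
      'TEX_LIVE_DOCKER_IMAGE must be one of ALL_TEX_LIVE_DOCKER_IMAGES'
    )
  }
  Settings.currentImageName = process.env.TEX_LIVE_DOCKER_IMAGE
}
```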