diff --git a/server-ce/config/settings.js b/server-ce/config/settings.js
index dee8952661..7d9fd7702e 100644
--- a/server-ce/config/settings.js
+++ b/server-ce/config/settings.js
@@ -480,35 +480,6 @@ if (
 )
 }
-// Overleaf Extended CE Compiler options to enable sandboxed compiles.
-// -----------
-if (process.env.SANDBOXED_COMPILES === 'true') {
- settings.clsi = {
- ...settings.clsi,
- dockerRunner: true,
- docker: {
- image: process.env.TEX_LIVE_DOCKER_IMAGE,
- user: process.env.TEX_LIVE_DOCKER_USER || 'www-data',
- }
- }
-
- if (settings.path == null) {
- settings.path = {}
- }
- settings.path.synctexBaseDir = () => '/compile'
- if (process.env.SANDBOXED_COMPILES_SIBLING_CONTAINERS === 'true') {
- console.log('Using sibling containers for sandboxed compiles')
- if (process.env.SANDBOXED_COMPILES_HOST_DIR) {
- settings.path.sandboxedCompilesHostDir =
- process.env.SANDBOXED_COMPILES_HOST_DIR
- } else {
- console.error(
- 'Sibling containers, but SANDBOXED_COMPILES_HOST_DIR not set'
- )
- }
- }
-}
-
 // With lots of incoming and outgoing HTTP connections to different services,
 // sometimes long running, it is a good idea to increase the default number
 // of sockets that Node will hold open.
diff --git a/services/clsi/config/settings.defaults.cjs b/services/clsi/config/settings.defaults.cjs
index 074398874d..fc3a9cb151 100644
--- a/services/clsi/config/settings.defaults.cjs
+++ b/services/clsi/config/settings.defaults.cjs
@@ -139,7 +139,7 @@ if ((process.env.DOCKER_RUNNER || process.env.SANDBOXED_COMPILES) === 'true') {
 CLSI: 1,
 },
 socketPath: '/var/run/docker.sock',
- user: process.env.TEXLIVE_IMAGE_USER || 'tex',
+ user: process.env.TEXLIVE_IMAGE_USER || 'www-data',
 },
 optimiseInDocker: true,
 expireProjectAfterIdleMs: 24 * 60 * 60 * 1000,
diff --git a/services/web/config/settings.defaults.js b/services/web/config/settings.defaults.js
index 8407650714..c228eb5c4e 100644
--- a/services/web/config/settings.defaults.js
+++ b/services/web/config/settings.defaults.js
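Review bot: The changed `user:` line in services/clsi/config/settings.defaults.cjs only consults `TEXLIVE_IMAGE_USER`, while the block this commit deletes from server-ce/config/settings.js read `TEX_LIVE_DOCKER_USER`; a deployment that used the old variable to choose the account the compile container runs as will now fall back to `www-data` with no message. Consider keeping the old name as a fallback, `user: process.env.TEXLIVE_IMAGE_USER || process.env.TEX_LIVE_DOCKER_USER || 'www-data',`, or logging a deprecation warning when only the old variable is set. A one-line comment such as `// account that runs the compile inside the container; presumably must exist in every allowed image` would also make the changed default easier to audit. The enclosing `docker` settings object starts and ends outside the hunk.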
@@ -1084,6 +1084,7 @@ module.exports = {
 'launchpad',
 'server-ce-scripts',
 'user-activate',
+ 'sandboxed-compiles',
 'symbol-palette',
 'track-changes',
 'authentication/ldap',
@@ -1119,15 +1120,6 @@ module.exports = {
 enablePandocConversions: process.env.ENABLE_PANDOC_CONVERSIONS === 'true',
- allowedImageNames: process.env.SANDBOXED_COMPILES === 'true'
- ? parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGES)
- .map((imageName, index) => ({
- imageName,
- imageDesc: parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGE_NAMES)[index]
- || imageName.split(':')[1],
- }))
- : undefined,
-
 oauthProviders: {
 ...(process.env.EXTERNAL_AUTH && process.env.EXTERNAL_AUTH.includes('oidc') && {
 [process.env.OVERLEAF_OIDC_PROVIDER_ID || 'oidc']: {
diff --git a/services/web/modules/sandboxed-compiles/index.mjs b/services/web/modules/sandboxed-compiles/index.mjs
new file mode 100644
index 0000000000..d494a3eec4
--- /dev/null
+++ b/services/web/modules/sandboxed-compiles/index.mjs
@@ -0,0 +1,22 @@
+import Settings from '@overleaf/settings'
+
+const parseTextExtensions = function (extensions) {
+ if (extensions) {
+ return extensions.split(',').map(ext => ext.trim())
+ } else {
+ return []
+ }
+}
+
+if (process.env.SANDBOXED_COMPILES === 'true') {
+ Settings.allowedImageNames = parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGES)
+ .map((imageName, index) => ({
+ imageName,
+ imageDesc: parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGE_NAMES)[index]
+ || imageName.split(':')[1],
+ }))
+ if(!process.env.TEX_LIVE_DOCKER_IMAGE) {
+ process.env.TEX_LIVE_DOCKER_IMAGE = Settings.allowedImageNames[0].imageName
+ }
+ Settings.currentImageName = process.env.TEX_LIVE_DOCKER_IMAGE
+}
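Review bot: `Settings.allowedImageNames[0].imageName` in the new services/web/modules/sandboxed-compiles/index.mjs throws a TypeError at import time when `SANDBOXED_COMPILES` is 'true' but both `ALL_TEX_LIVE_DOCKER_IMAGES` and `TEX_LIVE_DOCKER_IMAGE` are unset or empty, because `parseTextExtensions` then returns `[]`; the service fails with no hint about which variable is missing. In the same block an operator-supplied `TEX_LIVE_DOCKER_IMAGE` becomes `Settings.currentImageName` without being compared to the list just built, so the default image can sit outside the allow-list that presumably restricts which images a compile may use. The rewrite below parses each variable once, fails with a clear message on an empty list, and rejects a default image that is not listed; if rejecting is too strict for existing installs, log a warning there instead.

```javascript
// … unchanged: Settings import and parseTextExtensions helper …
if (process.env.SANDBOXED_COMPILES === 'true') {
  const imageNames = parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGES)
  const imageDescs = parseTextExtensions(
    process.env.ALL_TEX_LIVE_DOCKER_IMAGE_NAMES
  )
  if (imageNames.length === 0) {
    throw new Error(
      'SANDBOXED_COMPILES is enabled but ALL_TEX_LIVE_DOCKER_IMAGES is empty'
    )
  }
  Settings.allowedImageNames = imageNames.map((imageName, index) => ({
    imageName,
    imageDesc: imageDescs[index] || imageName.split(':')[1],
  }))
  const currentImageName = process.env.TEX_LIVE_DOCKER_IMAGE || imageNames[0]
  if (!imageNames.includes(currentImageName)) {
    throw new Error(
      'TEX_LIVE_DOCKER_IMAGE is not listed in ALL_TEX_LIVE_DOCKER_IMAGES'
    )
  }
  process.env.TEX_LIVE_DOCKER_IMAGE = currentImageName
  Settings.currentImageName = currentImageName
}
```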