diff --git a/services/clsi/app/js/DockerRunner.js b/services/clsi/app/js/DockerRunner.js index def02eaf5b..97053c1875 100644 --- a/services/clsi/app/js/DockerRunner.js +++ b/services/clsi/app/js/DockerRunner.js @@ -232,8 +232,8 @@ const DockerRunner = { } } // set the path based on the image year - const match = image.match(/:([0-9]+)\.[0-9]+/) - const year = match ? match[1] : '2014' + const match = image.match(/:([0-9]+)\.[0-9]+|:TL([0-9]+)/) + const year = match ? match[1] || match[2] : '2014' env.PATH = `/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/texlive/${year}/bin/x86_64-linux/` const options = { Cmd: command, diff --git a/services/clsi/config/settings.defaults.js b/services/clsi/config/settings.defaults.js index 1d82258a8e..bd5614eb98 100644 --- a/services/clsi/config/settings.defaults.js +++ b/services/clsi/config/settings.defaults.js @@ -107,7 +107,7 @@ if ((process.env.DOCKER_RUNNER || process.env.SANDBOXED_COMPILES) === 'true') { CLSI: 1, }, socketPath: '/var/run/docker.sock', - user: process.env.TEXLIVE_IMAGE_USER || 'tex', + user: process.env.TEXLIVE_IMAGE_USER || 'www-data', }, optimiseInDocker: true, expireProjectAfterIdleMs: 24 * 60 * 60 * 1000, diff --git a/services/clsi/seccomp/clsi-profile.json b/services/clsi/seccomp/clsi-profile.json index 084354b15c..ad95130f76 100644 --- a/services/clsi/seccomp/clsi-profile.json +++ b/services/clsi/seccomp/clsi-profile.json @@ -829,13 +829,19 @@ "args": [] }, { - "name": "gettimeofday", - "action": "SCMP_ACT_ALLOW", - "args": [] - }, { - "name": "epoll_pwait", - "action": "SCMP_ACT_ALLOW", - "args": [] + "name": "gettimeofday", + "action": "SCMP_ACT_ALLOW", + "args": [] + }, + { + "name": "epoll_pwait", + "action": "SCMP_ACT_ALLOW", + "args": [] + }, + { + "name": "poll", + "action": "SCMP_ACT_ALLOW", + "args": [] } ] -} \ No newline at end of file +} diff --git a/services/web/app/src/Features/Compile/ClsiManager.js b/services/web/app/src/Features/Compile/ClsiManager.js index 6f11297248..94208e8607 100644 --- a/services/web/app/src/Features/Compile/ClsiManager.js +++ b/services/web/app/src/Features/Compile/ClsiManager.js @@ -692,7 +692,7 @@ async function _getContentFromMongo(projectId) { function _finaliseRequest(projectId, options, project, docs, files) { const resources = [] - let flags + let flags = [] let rootResourcePath = null let rootResourcePathOverride = null let hasMainFile = false @@ -771,6 +771,10 @@ function _finaliseRequest(projectId, options, project, docs, files) { flags = ['-file-line-error'] } + if (process.env.TEX_COMPILER_EXTRA_FLAGS) { + flags.push(...process.env.TEX_COMPILER_EXTRA_FLAGS.split(/\s+/).filter(Boolean)) + } + return { compile: { options: { diff --git a/services/web/app/src/Features/Project/ProjectEditorHandler.js b/services/web/app/src/Features/Project/ProjectEditorHandler.js index 05e5beba09..5c870573c8 100644 --- a/services/web/app/src/Features/Project/ProjectEditorHandler.js +++ b/services/web/app/src/Features/Project/ProjectEditorHandler.js @@ -22,10 +22,7 @@ module.exports = ProjectEditorHandler = { deletedByExternalDataSource: project.deletedByExternalDataSource || false, members: [], invites: this.buildInvitesView(invites), - imageName: - project.imageName != null - ? Path.basename(project.imageName) - : undefined, + imageName: project.imageName, } ;({ owner, ownerFeatures, members } = diff --git a/services/web/app/src/Features/Project/ProjectOptionsHandler.js b/services/web/app/src/Features/Project/ProjectOptionsHandler.js index c0c11c396c..5d0001bcf4 100644 --- a/services/web/app/src/Features/Project/ProjectOptionsHandler.js +++ b/services/web/app/src/Features/Project/ProjectOptionsHandler.js @@ -24,7 +24,6 @@ const ProjectOptionsHandler = { if (!imageName || !Array.isArray(settings.allowedImageNames)) { return } - imageName = imageName.toLowerCase() const isAllowed = settings.allowedImageNames.find( allowed => imageName === allowed.imageName ) @@ -32,7 +31,7 @@ const ProjectOptionsHandler = { throw new Error(`invalid imageName: ${imageName}`) } const conditions = { _id: projectId } - const update = { imageName: settings.imageRoot + '/' + imageName } + const update = { imageName: imageName } return Project.updateOne(conditions, update, {}) }, diff --git a/services/web/config/settings.defaults.js b/services/web/config/settings.defaults.js index a7ff970ef0..8effabe9c5 100644 --- a/services/web/config/settings.defaults.js +++ b/services/web/config/settings.defaults.js @@ -1005,6 +1005,7 @@ module.exports = { 'launchpad', 'server-ce-scripts', 'user-activate', + 'sandboxed-compiles', ], viewIncludes: {}, @@ -1031,6 +1032,7 @@ module.exports = { managedUsers: { enabled: false, }, + } module.exports.mergeWith = function (overrides) { diff --git a/services/web/modules/sandboxed-compiles/index.mjs b/services/web/modules/sandboxed-compiles/index.mjs new file mode 100644 index 0000000000..d494a3eec4 --- /dev/null +++ b/services/web/modules/sandboxed-compiles/index.mjs @@ -0,0 +1,22 @@ +import Settings from '@overleaf/settings' + +const parseTextExtensions = function (extensions) { + if (extensions) { + return extensions.split(',').map(ext => ext.trim()) + } else { + return [] + } +} + +if (process.env.SANDBOXED_COMPILES === 'true') { + Settings.allowedImageNames = parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGES) + .map((imageName, index) => ({ + imageName, + imageDesc: parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGE_NAMES)[index] + || imageName.split(':')[1], + })) + if(!process.env.TEX_LIVE_DOCKER_IMAGE) { + process.env.TEX_LIVE_DOCKER_IMAGE = Settings.allowedImageNames[0].imageName + } + Settings.currentImageName = process.env.TEX_LIVE_DOCKER_IMAGE +}