@@ -28,6 +28,7 @@ def __init__(self, sandbox=False):
2828 if self .sandbox :
2929 os .system (f"chown -R { self .user } { self .sandbox_path } )
3030 self .banned_keywords = CONFIG .get ("SANDBOX_PYTHON_BANNED_KEYWORDS" , 'nothing_is_banned' ).split (',' );
31+ self .banned_hosts = CONFIG .get ("SANDBOX_PYTHON_BANNED_HOSTS" , 'no_host_is_banned' );
3132
3233 def _createdir (self ):
3334 old_mask = os .umask (0o077 )
@@ -53,6 +54,8 @@ def exec_code(self, code_str, keywords):
5354 path_to_exclude = ['/opt/py3/lib/python3.11/site-packages', '/opt/maxkb-app/apps']
5455 sys.path = [p for p in sys.path if p not in path_to_exclude]
5556 sys.path += { python_paths }
57+ os.environ['LD_PRELOAD'] = '/opt/maxkb-app/sandbox/sandbox.so'
58+ os.environ['SANDBOX_BANNED_HOSTS'] = { self .banned_hosts }
5659 locals_v={ '{}' }
5760 keywords={ keywords }
5861 globals_v=globals()
@@ -159,6 +162,8 @@ def generate_mcp_server_code(self, code_str, params):
159162path_to_exclude = ['/opt/py3/lib/python3.11/site-packages', '/opt/maxkb-app/apps']
160163sys.path = [p for p in sys.path if p not in path_to_exclude]
161164sys.path += { python_paths }
165+ os.environ['LD_PRELOAD'] = '/opt/maxkb-app/sandbox/sandbox.so'
166+ os.environ['SANDBOX_BANNED_HOSTS'] = { self .banned_hosts }
162167exec({ dedent (code )!a}
163168"""
164169
@@ -197,7 +202,7 @@ def _exec_sandbox(self, _code, _id):
197202 file .write (_code )
198203 os .system (f"chown { self .user } { exec_python_file } )
199204 kwargs = {'cwd' : BASE_DIR }
200- kwargs ['env' ] = {'LD_PRELOAD' : '/opt/maxkb-app/apps/sandbox.so' }
205+ kwargs ['env' ] = {}
201206 subprocess_result = subprocess .run (
202207 ['su' , '-s' , python_directory , '-c' , "exec(open('" + exec_python_file + "').read())" , self .user ],
203208 text = True ,
0 commit comments