-rw-r--r--docs/sandbox.md18
-rw-r--r--packages/cli/src/utils/sandbox.ts10
2 files changed, 27 insertions, 1 deletions
diff --git a/docs/sandbox.md b/docs/sandbox.md
index 87763685..508a0d03 100644
--- a/docs/sandbox.md
+++ b/docs/sandbox.md
@@ -77,6 +77,24 @@ Built-in profiles (set via `SEATBELT_PROFILE` env var):
- `restrictive-open`: Strict restrictions, network allowed
- `restrictive-closed`: Maximum restrictions
+### Custom Sandbox Flags
+
+For container-based sandboxing, you can inject custom flags into the `docker` or `podman` command using the `SANDBOX_FLAGS` environment variable. This is useful for advanced configurations, such as disabling security features for specific use cases.
+
+**Example (Podman)**:
+
+To disable SELinux labeling for volume mounts, you can set the following:
+
+```bash
+export SANDBOX_FLAGS="--security-opt label=disable"
+```
+
+Multiple flags can be provided as a space-separated string:
+
+```bash
+export SANDBOX_FLAGS="--flag1 --flag2=value"
+```
+
## Linux UID/GID handling
The sandbox automatically handles user permissions on Linux. Override these permissions with:
diff --git a/packages/cli/src/utils/sandbox.ts b/packages/cli/src/utils/sandbox.ts
index 72b5e56b..d53608d1 100644
--- a/packages/cli/src/utils/sandbox.ts
+++ b/packages/cli/src/utils/sandbox.ts
@@ -9,7 +9,7 @@ import os from 'node:os';
import path from 'node:path';
import fs from 'node:fs';
import { readFile } from 'node:fs/promises';
-import { quote } from 'shell-quote';
+import { quote, parse } from 'shell-quote';
import {
USER_SETTINGS_DIR,
SETTINGS_DIRECTORY_NAME,
@@ -399,6 +399,14 @@ export async function start_sandbox(
// run init binary inside container to forward signals & reap zombies
const args = ['run', '-i', '--rm', '--init', '--workdir', containerWorkdir];
+ // add custom flags from SANDBOX_FLAGS
+ if (process.env.SANDBOX_FLAGS) {
+ const flags = parse(process.env.SANDBOX_FLAGS, process.env).filter(
+ (f): f is string => typeof f === 'string',
+ );
+ args.push(...flags);
+ }
+
// add TTY only if stdin is TTY as well, i.e. for piped input don't init TTY in container
if (process.stdin.isTTY) {
args.push('-t');
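Review bot: The filter added at lines 54-56 silently discards every non-string token that shell-quote's `parse()` yields — operator objects such as `;`, `|` or `&&`, glob and comment tokens — so a value like `--flag1 ; --flag2` loses the `;` with no error or log line, and the `docs/sandbox.md` hunk in this commit describes the variable as a plain space-separated string even though `parse()` also applies shell quoting rules and `$VAR` expansion against `process.env`. Rejecting unsupported syntax is safer than swallowing it, e.g. `const parsed = parse(process.env.SANDBOX_FLAGS, process.env);` / `const dropped = parsed.filter((f) => typeof f !== 'string');` / `if (dropped.length > 0) throw new Error(\`SANDBOX_FLAGS contains unsupported shell syntax: ${JSON.stringify(dropped)}\`);` before pushing the remaining strings. Because these tokens are spliced into the `docker`/`podman` argument list ahead of the image and, per the docs example, can relax the container's isolation, also consider logging the effective flags once at startup so the resulting sandbox configuration is visible and auditable; the comment on line 52 should state that the value is parsed with shell-quote (quoting and env expansion apply), not split on spaces. `start_sandbox` begins and ends outside this hunk.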