valknar/llmx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: do not grant "node" user sudo access when using run_in_container.sh (#627)

Browse Source 
This exploration came out of my review of
https://github.com/openai/codex/pull/414.

`run_in_container.sh` runs Codex in a Docker container like so:


bd1c3deed9/codex-cli/scripts/run_in_container.sh (L51-L58)

But then runs `init_firewall.sh` to set up the firewall to restrict
network access.

Previously, we did this by adding `/usr/local/bin/init_firewall.sh` to
the container and adding a special rule in `/etc/sudoers.d` so the
unprivileged user (`node`) could run the privileged `init_firewall.sh`
script to open up the firewall for `api.openai.com`:


31d0d7a305/codex-cli/Dockerfile (L51-L56)

Though I believe this is unnecessary, as we can use `docker exec --user
root` from _outside_ the container to run
`/usr/local/bin/init_firewall.sh` as `root` without adding a special
case in `/etc/sudoers.d`.

This appears to work as expected, as I tested it by doing the following:

```
./codex-cli/scripts/build_container.sh
./codex-cli/scripts/run_in_container.sh 'what is the output of `curl https://www.openai.com`'
```

This was a bit funny because in some of my runs, Codex wasn't convinced
it had network access, so I had to convince it to try the `curl`
request:


![image](https://github.com/user-attachments/assets/80bd487c-74e2-4cd3-aa0f-26a6edd8d3f7)

As you can see, when it ran `curl -s https\://www.openai.com`, it a
connection failure, so the network policy appears to be working as
intended.

Note this PR also removes `sudo` from the `apt-get install` list in the
`Dockerfile`.
This commit is contained in:
Michael Bolin
2025-04-24 14:25:02 -07:00
committed by GitHub
parent bd1c3deed9
commit 61805a832d
2 changed files with 7 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
codex-cli/Dockerfile
View File

@@ -20,7 +20,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
less \ less \
man-db \ man-db \
procps \ procps \
sudo \
unzip \ unzip \
ripgrep \ ripgrep \
zsh \ zsh \
@@ -47,10 +46,10 @@ RUN npm install -g codex.tgz \
&& rm -rf /usr/local/share/npm-global/lib/node_modules/codex-cli/tests \ && rm -rf /usr/local/share/npm-global/lib/node_modules/codex-cli/tests \
&& rm -rf /usr/local/share/npm-global/lib/node_modules/codex-cli/docs && rm -rf /usr/local/share/npm-global/lib/node_modules/codex-cli/docs
# Copy and set up firewall script # Copy and set up firewall script as root.
COPY scripts/init_firewall.sh /usr/local/bin/
USER root USER root
RUN chmod +x /usr/local/bin/init_firewall.sh && \ COPY scripts/init_firewall.sh /usr/local/bin/
echo "node ALL=(root) NOPASSWD: /usr/local/bin/init_firewall.sh" > /etc/sudoers.d/node-firewall && \ RUN chmod 500 /usr/local/bin/init_firewall.sh
chmod 0440 /etc/sudoers.d/node-firewall
# Drop back to non-root.
USER node USER node

4
codex-cli/scripts/run_in_container.sh
View File

@@ -57,8 +57,8 @@ docker run --name "$CONTAINER_NAME" -d \
codex \ codex \
sleep infinity sleep infinity
# Initialize the firewall inside the container. # Initialize the firewall inside the container with root privileges.
docker exec "$CONTAINER_NAME" bash -c "sudo /usr/local/bin/init_firewall.sh" docker exec --user root "$CONTAINER_NAME" /usr/local/bin/init_firewall.sh
# Execute the provided command in the container, ensuring it runs in the work directory. # Execute the provided command in the container, ensuring it runs in the work directory.
# We use a parameterized bash command to safely handle the command and directory. # We use a parameterized bash command to safely handle the command and directory.