fix: set environment variables for banned hosts and preload library in sandbox execution

2025-11-05 21:19:53 +08:00 · 2025-11-05 21:19:53 +08:00 · bb7dfbc2fe
parent ebf54aa12f
commit bb7dfbc2fe
1 changed files with 4 additions and 5 deletions
--- a/apps/common/utils/tool_code.py
+++ b/apps/common/utils/tool_code.py
@ -54,8 +54,6 @@ try:
    path_to_exclude = ['/opt/py3/lib/python3.11/site-packages', '/opt/maxkb-app/apps']
    sys.path = [p for p in sys.path if p not in path_to_exclude]
    sys.path += {python_paths}
    os.environ['MAXKB_SANDBOX_PYTHON_BANNED_HOSTS'] = '{self.banned_hosts}'
    os.environ['LD_PRELOAD'] = '/opt/maxkb-app/sandbox/sandbox.so'
    locals_v={'{}'}
    keywords={keywords}
    globals_v=globals()
@ -162,8 +160,6 @@ logging.getLogger("mcp.server").setLevel(logging.ERROR)
 path_to_exclude = ['/opt/py3/lib/python3.11/site-packages', '/opt/maxkb-app/apps']
 sys.path = [p for p in sys.path if p not in path_to_exclude]
 sys.path += {python_paths}
 os.environ['MAXKB_SANDBOX_PYTHON_BANNED_HOSTS'] = '{self.banned_hosts}'
 os.environ['LD_PRELOAD'] = '/opt/maxkb-app/sandbox/sandbox.so'
 exec({dedent(code)!a})
 """
@ -202,7 +198,10 @@ exec({dedent(code)!a})
            file.write(_code)
            os.system(f"chown {self.user}:root {exec_python_file}")
        kwargs = {'cwd': BASE_DIR}
-        kwargs['env'] = {}
+        kwargs['env'] = {
            'LD_PRELOAD': '/opt/maxkb-app/sandbox/sandbox.so',
            'MAXKB_SANDBOX_PYTHON_BANNED_HOSTS': self.banned_hosts,
        }
        subprocess_result = subprocess.run(
            ['su', '-s', python_directory, '-c', "exec(open('" + exec_python_file + "').read())", self.user],
            text=True,