Skip to content

Commit

Permalink
fix(sandbox): add remove_dir/remove_file permissions to sandbox
Browse files Browse the repository at this point in the history 
When an extraction directory is empty, unblob will try to delete it.

This can lead to PermissionError due to insufficient permissions within
the sandbox. The same can happen when deleting files.

We therefore allow unblob to delete directories and files from the
extraction directory with the remove_dir and remove_file permissions.
  • Loading branch information
@qkaiser
qkaiser committed Jan 23, 2025
1 parent 1eb720f commit ac9cf6d
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions unblob/sandbox.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,8 @@ def __init__(
AccessFS.read_write("/dev/shm"), # noqa: S108
# Extracted contents
AccessFS.read_write(config.extract_root),
AccessFS.remove_dir(config.extract_root),
AccessFS.remove_file(config.extract_root),
AccessFS.make_dir(config.extract_root.parent),
AccessFS.read_write(log_path),
*extra_passthrough,
Expand Down

0 comments on commit ac9cf6d

Please sign in to comment.