Upload 12 files
Browse files- Dockerfile +2 -0
- entrypoint.sh +2 -2
- huggingface_fixes.md +32 -0
Dockerfile
CHANGED
|
@@ -19,6 +19,8 @@ RUN useradd -m -s /bin/bash tunneluser
|
|
| 19 |
|
| 20 |
WORKDIR /app
|
| 21 |
|
|
|
|
|
|
|
| 22 |
COPY . /app
|
| 23 |
|
| 24 |
RUN chmod +x entrypoint.sh
|
|
|
|
| 19 |
|
| 20 |
WORKDIR /app
|
| 21 |
|
| 22 |
+
USER root
|
| 23 |
+
|
| 24 |
COPY . /app
|
| 25 |
|
| 26 |
RUN chmod +x entrypoint.sh
|
entrypoint.sh
CHANGED
|
@@ -16,7 +16,7 @@ fi
|
|
| 16 |
echo "Detected public IP: $PUBLIC_IP"
|
| 17 |
|
| 18 |
# Configure SSH server
|
| 19 |
-
|
| 20 |
chmod 600 /etc/ssh/sshd_config
|
| 21 |
|
| 22 |
# Generate SSH host keys if they don't exist
|
|
@@ -30,7 +30,7 @@ fi
|
|
| 30 |
echo "SSH server started."
|
| 31 |
|
| 32 |
# Configure Dante SOCKS5 server
|
| 33 |
-
|
| 34 |
chmod 644 /etc/danted.conf
|
| 35 |
|
| 36 |
# Start Dante SOCKS5 server
|
|
|
|
| 16 |
echo "Detected public IP: $PUBLIC_IP"
|
| 17 |
|
| 18 |
# Configure SSH server
|
| 19 |
+
cp /app/ssh-config/sshd_config /etc/ssh/sshd_config
|
| 20 |
chmod 600 /etc/ssh/sshd_config
|
| 21 |
|
| 22 |
# Generate SSH host keys if they don't exist
|
|
|
|
| 30 |
echo "SSH server started."
|
| 31 |
|
| 32 |
# Configure Dante SOCKS5 server
|
| 33 |
+
cp /app/socks5-config/danted.conf /etc/danted.conf
|
| 34 |
chmod 644 /etc/danted.conf
|
| 35 |
|
| 36 |
# Start Dante SOCKS5 server
|
huggingface_fixes.md
CHANGED
|
@@ -71,3 +71,35 @@ When deploying to Hugging Face Spaces:
|
|
| 71 |
|
| 72 |
These fixes should resolve the common issues encountered when running the SSH/SOCKS5 NAT Gateway application in Hugging Face Spaces or similar containerized environments.
|
| 73 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 71 |
|
| 72 |
These fixes should resolve the common issues encountered when running the SSH/SOCKS5 NAT Gateway application in Hugging Face Spaces or similar containerized environments.
|
| 73 |
|
| 74 |
+
|
| 75 |
+
|
| 76 |
+
### 3. `sudo: The "no new privileges" flag is set` Error
|
| 77 |
+
|
| 78 |
+
**Error:**
|
| 79 |
+
```
|
| 80 |
+
sudo: The "no new privileges" flag is set, which prevents sudo from running as root.
|
| 81 |
+
sudo: If sudo is running in a container, you may need to adjust the container configuration to disable the flag.
|
| 82 |
+
```
|
| 83 |
+
|
| 84 |
+
**Root Cause:**
|
| 85 |
+
This error occurs in containerized environments like Hugging Face Spaces when the `no_new_privs` security flag is enabled. This flag prevents processes from gaining new privileges, which `sudo` attempts to do.
|
| 86 |
+
|
| 87 |
+
**Resolution:**
|
| 88 |
+
- Removed `sudo` from `cp` commands in `entrypoint.sh`.
|
| 89 |
+
- Set the `USER` directive in the Dockerfile to `root` before copying files and executing commands that require root privileges. This ensures that the `entrypoint.sh` script and other commands run as the `root` user directly, bypassing the need for `sudo` and avoiding the `no_new_privs` restriction.
|
| 90 |
+
|
| 91 |
+
**Changes Made:**
|
| 92 |
+
```bash
|
| 93 |
+
# In entrypoint.sh - changed from:
|
| 94 |
+
sudo cp /app/ssh-config/sshd_config /etc/ssh/sshd_config
|
| 95 |
+
sudo cp /app/socks5-config/danted.conf /etc/danted.conf
|
| 96 |
+
|
| 97 |
+
# To:
|
| 98 |
+
cp /app/ssh-config/sshd_config /etc/ssh/sshd_config
|
| 99 |
+
cp /app/socks5-config/danted.conf /etc/danted.conf
|
| 100 |
+
|
| 101 |
+
# In Dockerfile - added after WORKDIR /app:
|
| 102 |
+
USER root
|
| 103 |
+
```
|
| 104 |
+
|
| 105 |
+
|