Speedofmastery commited on
Commit
8a1f753
·
1 Parent(s): 66ed707

Auto-commit: Dockerfile updated

Files changed (1) hide show
  1. Dockerfile +46 -31
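--- a/Dockerfile
+++ b/Dockerfile
@@ -1,49 +1,64 @@
-# Multi-Language Code Execution Sandbox - Secure Docker Container
-FROM python:3.11-slim
+# ============================================================
+# LANDRUN SANDBOX - Kernel-level Linux Security
+# Multi-stage build: Build landrun + Run FastAPI app
+# ============================================================
 
-# Install system dependencies for multiple languages and security tools
+# Stage 1: Build landrun binary from Go source
+FROM golang:1.22-bookworm AS builder
+
+WORKDIR /build
+
+# Copy landrun source
+COPY landrun-main/ ./
+
+# Build landrun
+RUN cd cmd/landrun && \
+go build -ldflags="-s -w" -o /usr/local/bin/landrun main.go
+
+# Stage 2: Production image with Python + landrun
+FROM python:3.11-slim-bookworm
+
+# Install system dependencies
 RUN apt-get update && apt-get install -y \
-# Node.js & npm for React/JavaScript
-nodejs npm \
-# Build tools
-build-essential \
-gcc g++ \
-# Security: Run as non-root user
-sudo \
-# Cleanup
+nodejs \
+npm \
+curl \
+procps \
+strace \
 && rm -rf /var/lib/apt/lists/*
 
-# Create non-root user for sandbox execution
-RUN useradd -m -u 1000 -s /bin/bash sandbox && \
-echo "sandbox ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+# Copy landrun binary from builder
+COPY --from=builder /usr/local/bin/landrun /usr/local/bin/landrun
+
+# Verify landrun works
+RUN landrun --version
 
 # Set working directory
 WORKDIR /app
 
-# Copy requirements and install Python dependencies
-COPY requirements.txt /app/requirements.txt
-RUN pip install --no-cache-dir -r requirements.txt
+# Copy Python requirements
+COPY requirements.txt .
 
-# Install React dependencies globally
-RUN npm install -g react react-dom
+# Install Python dependencies
+RUN pip install --no-cache-dir -r requirements.txt
 
 # Copy application code
-COPY app.py /app/app.py
+COPY app.py .
 
-# Create execution directory with restricted permissions
-RUN mkdir -p /sandbox && \
-chown sandbox:sandbox /sandbox && \
-chmod 755 /sandbox
+# Create execution directory
+RUN mkdir -p /tmp/sandbox && chmod 777 /tmp/sandbox
 
-# Switch to non-root user
-USER sandbox
-
-# Expose port 7860
+# Expose port for Hugging Face Spaces
 EXPOSE 7860
 
+# Set environment variables
+ENV PYTHONUNBUFFERED=1
+ENV HOST=0.0.0.0
+ENV PORT=7860
+
 # Health check
 HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
-CMD python -c "import requests; requests.get('http://localhost:7860/health')" || exit 1
+CMD curl -f http://localhost:7860/health || exit 1
 
-# Run the application
-CMD ["python", "app.py"]
+# Run FastAPI with uvicorn
+CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]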
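Review bot: The final stage has no `USER` instruction, so uvicorn and every process it spawns run as root; the commit removes the old `useradd` and `USER sandbox` lines along with the NOPASSWD sudoers entry, and only the sudoers entry needed to go. The Dockerfile does not show how app.py invokes landrun, but presumably only the wrapped child processes are confined, so the API process itself would have no privilege boundary, and `RUN landrun --version` only proves the binary runs at build time, not that the runtime kernel enforces Landlock. I would keep an unprivileged account: `RUN useradd -m -u 1000 sandbox && mkdir -p /tmp/sandbox && chown sandbox:sandbox /tmp/sandbox && chmod 700 /tmp/sandbox`, then `USER sandbox` before the final `CMD`. That also replaces the world-writable `chmod 777 /tmp/sandbox`. Separately, `strace` in the production stage is worth dropping unless the app needs it at runtime, and the `apt-get install` line could take `--no-install-recommends`.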