-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Get RUN_AS_DEVIN working with app sandbox #1426
Merged
rbren
merged 19 commits into
All-Hands-AI:main
from
xingyaoww:run-as-devin-and-network-host
Apr 30, 2024
Merged
Changes from all commits
Commits
Show all changes
19 commits
Select commit
Hold shift + click to select a range
2f2e3d4
get RUN_AS_DEVIN and network=host working with app sandbox
xingyaoww ce6426d
attempt to fix the workspace base permission
xingyaoww ac341fe
sandbox might failed in chown due to mounting, but it won't be fatal
xingyaoww e3157ae
update sshbox instruction
xingyaoww a92b889
remove default user id since it will be passed in the instruction
xingyaoww b6e179e
revert permission fix since it should be resolved by correct SANDBOX_…
xingyaoww 96996e5
the permission issue can be fixed by simply provide correct env var
xingyaoww a564e0f
remove log
xingyaoww 199e9ca
set sandbox user id to getuid by default
xingyaoww ee36c82
move logging to initializer
xingyaoww 7282e21
make the uid consistent across host, app container, and sandbox
xingyaoww 680d2c0
remove hostname as it causes sudo issue
xingyaoww f3a252e
fix permission of entrypoint script
xingyaoww 2e6d759
make the uvicron app run as host user uid for jupyter plugin
xingyaoww 313c16f
Merge branch 'main' into run-as-devin-and-network-host
xingyaoww fcc5897
Merge commit '31c1a2d748f1b0f286f5fce678e7b9311a288fa9' into run-as-d…
xingyaoww 1ce8d5d
revert use host network
xingyaoww cac18c7
get docker socket gid and usermod instead of chmod 777
xingyaoww ec8e5ca
try to fix app build disk space issue
xingyaoww File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
#!/bin/bash | ||
# check user is root | ||
if [ "$(id -u)" -ne 0 ]; then | ||
echo "Please run as root" | ||
exit 1 | ||
fi | ||
|
||
if [ -z "$SANDBOX_USER_ID" ]; then | ||
echo "SANDBOX_USER_ID is not set" | ||
exit 1 | ||
fi | ||
|
||
# change uid of opendevin user to match the host user | ||
# but the group id is not changed, so the user can still access everything under /app | ||
usermod -u $SANDBOX_USER_ID opendevin | ||
|
||
# get the user group of /var/run/docker.sock and set opendevin to that group | ||
DOCKER_SOCKET_GID=$(stat -c '%g' /var/run/docker.sock) | ||
echo "Docker socket group id: $DOCKER_SOCKET_GID" | ||
usermod -aG $DOCKER_SOCKET_GID opendevin | ||
|
||
# switch to the user and start the server | ||
su opendevin -c "cd /app && uvicorn opendevin.server.listen:app --host 0.0.0.0 --port 3000" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we really need to fix the underlying issue here 😅