feat(clsi): sandboxed compiles

Author: HolgerHuo

docker-compose.yml

@@ -20,7 +20,7 @@ services:
             ####  Server Pro: Uncomment the following line to mount the docker  ####
             ####             socket, required for Sibling Containers to work    ####
             ########################################################################
-            # - /var/run/docker.sock:/var/run/docker.sock
+            - /var/run/docker.sock:/var/run/docker.sock
         environment:
 
             OVERLEAF_APP_NAME: Overleaf Community Edition
@@ -81,7 +81,15 @@ services:
             SANDBOXED_COMPILES: 'true'
             SANDBOXED_COMPILES_SIBLING_CONTAINERS: 'true'
             ### Bind-mount source for /var/lib/overleaf/data/compiles inside the container.
-            SANDBOXED_COMPILES_HOST_DIR: '/home/user/sharelatex_data/data/compiles'
+            SANDBOXED_COMPILES_HOST_DIR: '/home/overleaf/sharelatex_data/data/compiles'
+            SANDBOXED_COMPILES_CONTAINER_TIMEOUT: 3600000
+            TEX_LIVE_DOCKER_IMAGE: "ghcr.io/lcpu-club/sharelatex-base:2024.1"
+            ALL_TEX_LIVE_DOCKER_IMAGES: "ghcr.io/lcpu-club/sharelatex-base:2024.1,ghcr.io/lcpu-club/sharelatex-base:2022.1,ghcr.io/lcpu-club/sharelatex-base:2020.1"
+            ALL_TEX_LIVE_DOCKER_IMAGE_NAMES: "TeX Live 2024,TeX Live 2022,TeX Live 2020"
+            DOCKER_RUNNER: true
+            DOCKER_USER: "www-data"
+
+            OVERLEAF_IS_SERVER_PRO: true
 
             ## Works with test LDAP server shown at bottom of docker compose
             # OVERLEAF_LDAP_URL: 'ldap://ldap:389'

server-ce/config/settings.js

@@ -47,11 +47,30 @@ const parseIntOrFail = function (value) {
 const DATA_DIR = '/var/lib/overleaf/data'
 const TMP_DIR = '/var/lib/overleaf/tmp'
 
+const images = process.env.ALL_TEX_LIVE_DOCKER_IMAGES.split(',')
+const imageNames = process.env.ALL_TEX_LIVE_DOCKER_IMAGE_NAMES.split(',')
+
+if (images.length !== imageNames.length) {
+  throw new Error(`image and imageName count mismatched`)
+}
+const allowedImageNames = []
+images.forEach((_, i) => {
+  allowedImageNames.push({imageName: images[i], imageDesc: imageNames[i]})
+});
+
 const settings = {
   clsi: {
     optimiseInDocker: process.env.OPTIMISE_PDF === 'true',
+    dockerRunner: process.env.DOCKER_RUNNER === 'true',
+    docker: {
+      maxContainerAge: process.env.SANDBOXED_COMPILES_CONTAINER_TIMEOUT,
+      image: process.env.TEX_LIVE_DOCKER_IMAGE,
+      user: process.env.DOCKER_USER,
+    },
   },
 
+  allowedImageNames: allowedImageNames,
+
   brandPrefix: '',
 
   allowAnonymousReadAndWriteSharing:
@@ -172,6 +191,7 @@ const settings = {
     clsiCacheDir: Path.join(DATA_DIR, 'cache'),
     // Where to write the output files to disk after running LaTeX
     outputDir: Path.join(DATA_DIR, 'output'),
+    sandboxedCompilesHostDir: process.env.SANDBOXED_COMPILES_HOST_DIR,
   },
 
   // Server Config

services/web/app/src/Features/Project/ProjectOptionsHandler.js

@@ -30,7 +30,7 @@ const ProjectOptionsHandler = {
       throw new Error(`invalid imageName: ${imageName}`)
     }
     const conditions = { _id: projectId }
-    const update = { imageName: settings.imageRoot + '/' + imageName }
+    const update = { imageName: imageName }
     return Project.updateOne(conditions, update, {})
   },