running nsjail inside railway.
I wish to sandbox a script based on a javascript runtime. It works fine on docker but on railway gives a set of permission issues. Any hints?
Project ID:
98e76ea6-19e8-422c-813b-d262b3a47e33
are you building with a dockerfile?
yes
because I need a few binaries.
and are you able to build the dockerfile locally and run the image and have your app work fine?
yes
then it's simply a case of railway does not start the image with significant privileges
ya, how do I fix this?
--privileged?
you can't modify the way railway runs the built image
I see
any alternative path comes to your mind? Should I just reach out to railway support?
the hobby plan only has community support available
I am on pro
fair enough
I can't see railway changing this anyway, the images are not started privileged for a good reason
ya
a vps is more fitting of this usecase in my opinion
railway is great for a lot of things, but it will never be a perfect fit for every usecase under the sun
I am going to create a small repo and try to run bun or deno as a minimal server. just to be sure.
just to be sure that it's not me. https://github.com/hiteshjoshi/nsjail_railway if you want to take a look
Out of context Qs: but is there any official place for railway bounty? I want to seek help from outside like that
what do you mean seek help from outside? outside of what? what kind of help?
I mean, I want to start a bounty on help like setting up railway with any sandboxing library that basically restricts mounts. And propose it to the community, and see if any superman can pick it up and help me.
if railway isn't starting the images with significant privileges then I don't see how this can be achieved on railway
ya but someone can just not use nsjail and use something else to help achieve it? I think somehow it's an nsjail-specific error
I mean it's not an error. It's quite right. But there may be something which just does a micro of what nsjail is, and helps me solve it.
A VPS is just too much effort.
I agree vps are a lot of effort, but sometimes the usecase justifies it
have reached out to railway support though. Let's see
Figma
Server-side sandboxing: Virtual machines | Figma Blog
A deep dive on VMs and how we use them at Figma to achieve security isolation