refactor: prevent execution of arbitrary commands in container

- Preserve the removal of certain commands to prevent the container from executing arbitrary commands Signed-off-by: 陳鈞 <jim60105@gmail.com>
Recorder-moe · Oct 3, 2024 · 38a60b3 · 38a60b3
1 parent bf17c6a
commit 38a60b3
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -38,8 +38,9 @@ RUN --mount=type=cache,id=apk-$TARGETARCH$TARGETVARIANT,sharing=locked,target=/v
     cp /ffprobe /usr/bin/ && \
     cp /dumb-init /usr/bin/
 
-# Remove these to prevent the container from executing arbitrary commands
-RUN rm /bin/echo /bin/ln /bin/rm /bin/sh
+# Recorder.moe edit: Preserve these as we will need to mv the files after recording.
+# # Remove these to prevent the container from executing arbitrary commands
+# RUN rm /bin/echo /bin/ln /bin/rm /bin/sh
 
 WORKDIR /download