build(docker): ship a self-contained nsjail sandbox backend in the image

Compile nsjail 3.6 from source in a dedicated multi-stage build and carry only the binary plus its runtime libs (libprotobuf32, libnl-route-3-200) into the final image. This lets the Box runtime isolate sandboxed code via nsjail user/mount/pid/net namespaces without a host Docker socket — the prerequisite for running Box on LangBot Cloud (k8s), where mounting docker.sock would grant node root and is not acceptable for multi-tenant. The build toolchain (build-essential/bison/flex/protobuf-dev/libnl-dev) stays in the nsjail-build stage and is not present in the shipped image. Verified: image builds (583MB), nsjail --help exits 0, libraries resolve, and the real NsjailBackend executes an isolated command end-to-end on a v6.1/cgroup2 host matching LangBot Cloud prod (rlimit fallback path, since container /sys/fs/cgroup is read-only; PID-namespace isolation confirmed).
2026-06-08 14:56:03 +00:00 · 2026-06-07 13:39:16 -04:00
parent 882c9ae8f5
commit c460bd7814
1 changed files with 26 additions and 0 deletions
--- a/26
+++ b/26
@@ -6,6 +6,25 @@ COPY web ./web

 RUN cd web && npm install && npx vite build

+# Build nsjail from source so the image ships a self-contained sandbox backend
+# that needs no host Docker socket. Pinned to a release tag for reproducibility.
+# Multi-stage keeps the compile toolchain (bison/flex/protobuf-dev/libnl-dev)
+# out of the final image; only the nsjail binary and its small runtime libs
+# (libprotobuf, libnl-route-3) are carried over.
+FROM python:3.12.7-slim AS nsjail-build
+
+ARG NSJAIL_VERSION=3.6
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        ca-certificates git build-essential \
+        autoconf bison flex libtool pkg-config \
+        protobuf-compiler libprotobuf-dev libnl-route-3-dev \
+    && git clone --depth 1 --branch "${NSJAIL_VERSION}" https://github.com/google/nsjail.git /nsjail \
+    && make -C /nsjail \
+    && install -m 0755 /nsjail/nsjail /usr/local/bin/nsjail \
+    && rm -rf /var/lib/apt/lists/*
+
 FROM python:3.12.7-slim

 WORKDIR /app
@@ -14,8 +33,15 @@ COPY . .

 COPY --from=node /app/web/dist ./web/dist

+# nsjail binary built in the dedicated stage above. Self-contained sandbox
+# backend; lets the Box runtime isolate code without a host Docker socket.
+COPY --from=nsjail-build /usr/local/bin/nsjail /usr/local/bin/nsjail
+
 RUN apt-get update \
    && apt-get install -y --no-install-recommends gcc ca-certificates curl gnupg \
+    # nsjail runtime libraries (the build toolchain stays in the nsjail-build
+    # stage; only these shared libs are needed to execute the binary).
+    && apt-get install -y --no-install-recommends libprotobuf32 libnl-route-3-200 \
    # Install the Docker CLI (client only) so the optional langbot_box
    # service can drive the mounted host Docker socket and create sandbox
    # containers. The same image powers langbot / plugin_runtime / box; only