refactor: allow sandbox to read /tmp.

liqiang-fit2cloud · liqiang-fit2cloud · commit 574e275cba67 · 2026-02-27T17:44:42.000+08:00
diff --git a/installer/Dockerfile-base b/installer/Dockerfile-base
@@ -30,6 +30,7 @@ RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
     chmod g-rwx /usr/local/bin/* /usr/bin/* /bin/* /usr/sbin/* /sbin/* /usr/lib/postgresql/17/bin/* && \
     chmod g+xr /usr/bin/ld.so /usr/local/bin/python* `which env` && \
     chmod -R g-rwx /tmp /var/tmp /var/lock && \
+    chmod g+r /tmp && \
     apt-get clean all && \
     rm -rf /var/lib/postgresql /var/lib/apt/lists/* /usr/share/doc/* /usr/share/man/* /usr/share/info/* /usr/share/locale/* /usr/share/lintian/* /usr/share/linda/* /var/cache/* /var/log/* /var/tmp/* /tmp/*
 COPY --from=vector-model --chmod=700 /opt/maxkb-app/model /opt/maxkb-app/model
