fix: Add FMS 0.2.3 for AdapterSpec fix, temporary Garak permission fixes #9
Reviewer's Guide

The PR temporarily routes the trustyai_fms dependency to the Test PyPI index for version 0.2.3 in both build scripts and container definitions, and adds directory creation and permission adjustments for the Garak provider to ensure writable scan locations.

Class diagram for Garak provider directory and permission changes

classDiagram
class ContainerBuild {
+install_fms(version)
+install_garak(version)
+create_garak_scan_dirs()
+set_garak_permissions()
}
class GarakProvider {
+_scan_files: Directory
+.config/garak: Directory
+.local/share/garak: Directory
+.cache/garak/resources: Directory
+permissions: rwx
}
ContainerBuild --> GarakProvider: manages directories and permissions
Hey there - I've reviewed your changes and they look great!
Prompt for AI Agents
Please address the comments from this code review:
## Individual Comments
### Comment 1
<location> `trustyai-distribution/Containerfile:63` </location>
<code_context>
+ chown -R 1001:1001 /opt/app-root/lib64/python3.12/site-packages/llama_stack_provider_trustyai_garak
+# Create Garak directories with full permissions (world-writable for debugging)
+RUN mkdir -p ${APP_ROOT}/src/.config/garak ${APP_ROOT}/src/.local/share/garak ${APP_ROOT}/src/.cache/garak/resources && \
+ chmod -R 777 ${APP_ROOT}/src/.config ${APP_ROOT}/src/.local ${APP_ROOT}/src/.cache && \
+ chown -R 1001:0 ${APP_ROOT}/src/.config ${APP_ROOT}/src/.local ${APP_ROOT}/src/.cache
# Switch back to non-root user
</code_context>
<issue_to_address>
**🚨 issue (security):** World-writable permissions (chmod 777) may introduce security risks.
Restrict permissions to only those required for debugging, and ensure more secure settings are used before deploying to production.
</issue_to_address>
| chown -R 1001:1001 /opt/app-root/lib64/python3.12/site-packages/llama_stack_provider_trustyai_garak | ||
| # Create Garak directories with full permissions (world-writable for debugging) | ||
| RUN mkdir -p ${APP_ROOT}/src/.config/garak ${APP_ROOT}/src/.local/share/garak ${APP_ROOT}/src/.cache/garak/resources && \ | ||
| chmod -R 777 ${APP_ROOT}/src/.config ${APP_ROOT}/src/.local ${APP_ROOT}/src/.cache && \ |
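Review bot: `chmod -R 777` on `${APP_ROOT}/src/.config`, `${APP_ROOT}/src/.local` and `${APP_ROOT}/src/.cache` makes the whole of each parent tree world-writable, not only the three Garak directories created by the `mkdir -p` on the line before, so any UID in the container can modify Garak's configuration and cached resources. The same `RUN` goes on to `chown -R 1001:0` these paths (shown in the review context above), so owner and group access should be enough: suggest scoping the command to the `garak` subdirectories and using `chmod -R u+rwX,g+rwX` (or `g=u`) instead of `777`. The comment marks this as being for debugging; a TODO naming the condition for removing it would keep the temporary setting from shipping unnoticed.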
🚨 issue (security): World-writable permissions (chmod 777) may introduce security risks.
Restrict permissions to only those required for debugging, and ensure more secure settings are used before deploying to production.
What does this PR do?
AdapterSpec changes until 0.2.3 is published

Summary by Sourcery
Temporarily pin trustyai_fms dependency to version 0.2.3 on the Test PyPI index and apply Garak provider folder permission fixes