dify
dify copied to clipboard
langgenius
Code block error: operation not permitted with dify-sandbox 0.2.0
Self Checks
- [X] This is only for bug report, if you would like to ask a question, please head to Discussions.
- [X] I have searched for existing issues search for existing issues, including closed ones.
- [X] I confirm that I am using English to submit this report (我已阅读并同意 Language Policy).
- [X] Please do not modify this template :) and fill in all the required fields.
Dify version
0.6.7
Cloud or Self Hosted
Self Hosted (Docker)
Steps to reproduce
git clone the repository and run docker compose up -d. Create a workflow with a Code node and run the workflow.
✔️ Expected Behavior
Workflow should run and return an expected result.
❌ Actual Behavior
The code node returns the following error message.
error: operation not permitted
Confirmed the same workflow got executed successfully with an earlier sandbox.
I suspect sandbox 0.2.0 might be a curlprit, which was added as part of #4231 .
https://github.com/langgenius/dify/pull/4231/files#diff-89fafc265c1fa601cf2364b20be83308031335fda9467fcf3249d5ec1c0c8172R373
The operation not permitted error you're encountering seems to be related to the sandbox version 0.2.0 update in Dify version 0.6.7. This error typically indicates that the code is attempting to perform operations not allowed within the sandboxed environment. The sandbox restricts certain functionalities for security reasons, including direct file system access, network calls, and operating system-level commands.
Given the changes introduced in sandbox version 0.2.0, as detailed in pull request #4231, it's possible that the code you're executing is now hitting new restrictions. To resolve this, review your code for operations that might be restricted by the sandbox. If your workflow requires functionalities that are restricted, consider using alternative methods within the sandbox's allowed capabilities.
Additionally, check the Docker configuration and settings, as updates in Dify version 0.6.7 could affect the permissions or operations of the Code node within a workflow. The introduction of a dedicated sandbox service for code execution in the Docker configuration might have implications for network access and resource limitations.
If you need to perform operations outside the sandbox's restrictions, Dify documentation suggests using API Based Extension and Code-Based Extension methods to enhance functionality while ensuring security.
Details
Sources
- Workflow run code tool error: operation not permitted
- en/features/workflow/nodes/code.md
- docker/docker-compose.yaml
- en/features/extension/README.md
- en/features/extension/api_based_extension/README.md
- en/features/workflow/node/code.md
About Dosu This response is meant to be useful and save you time. It is not meant to be a precise solution, but rather a starting point for your own research.
Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.
To continue the conversation, mention @dosu.
![dosubot[bot] avatar](https://avatars.githubusercontent.com/in/324583?v=4 "Published by a pub.dev verified publisher"){kind=small}
Thanks for the comment @patryk20120 ! Here is the workflow, DSL for your reference and the code snippet.
import json
def main(arg1) -> dict:
# Parse the JSON data
data = json.loads(arg1)
# Navigate to the 'transcript' field
transcript = data['results']['channels'][0]['alternatives'][0]['transcript']
return {
"result": transcript,
}
I cannot reproduce this issue, could you pls provide more information? such as docker ps docker logs and so on.
Thanks @Yeuoly for the update! Upgraded to 0.6.8, which includes sandbox 0.2.0, and now everything is looking good.