remove firejail

Dockerfile

@@ -9,13 +9,10 @@ RUN groupadd --gid 10001 app && \
 RUN apt-get update && \
     apt-get install -y \
       yasm libvpx-dev libgmp-dev git python build-essential opus-tools && \
-    git clone https://github.com/netblue30/firejail.git /app/firejail && \
-    cd /app/firejail && \
-    ./configure && make && make install-strip && \
     git clone https://github.com/FFmpeg/FFmpeg /app/ffmpeg && \
     cd /app/ffmpeg && git checkout release/3.4 && \
     ./configure  --enable-libvpx && make && make install && \
-    rm -rf /app/firejail && rm -rf /app/ffmpeg && \
+    rm -rf /app/ffmpeg && \
     apt remove -y libgmp-dev git python build-essential && \
     apt-get autoremove -y && \
     apt-get clean

opusdec.profile

@@ -1,24 +0,0 @@
-blacklist /usr/local/bin
-blacklist /usr/bin
-blacklist /bin
-blacklist /sbin
-blacklist /boot
-blacklist /media
-blacklist /mnt
-blacklist /opt
-blacklist /var
-blacklist /tmp
-blacklist /home
-blacklist /app
-
-private-bin opusdec
-
-shell none
-seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,getdents,getuid,ioctl,lseek,mmap,mprotect,munmap,nanosleep,open,openat,read,rt_sigaction,set_robust_list,setresgid,setresuid,socket,stat,unshare,wait4,write
-caps.drop all
-net none
-noroot
-nosound
-novideo
-nogroups
-nonewprivs

server.js

@@ -31,14 +31,12 @@ const languages = (() => {
 
 const configSchema = Joi.object({
   asr_url: Joi.string(),
-  disable_jail: Joi.boolean(),
   port: Joi.number(),
   s3_bucket: Joi.string().optional(),
 });
 
 const config = {
   asr_url: process.env.ASR_URL,
-  disable_jail: process.env.DISABLE_DECODE_JAIL === '1',
   port: process.env.PORT || 9001,
   s3_bucket: process.env.S3_BUCKET,
 };
@@ -241,15 +239,6 @@ app.get('/', (req, res) => {
 
 app.post('*', function(req, res, next) {
   let decodeArgs;
-
-  // then we convert it from opus to raw pcm
-  const jailArgs = [
-    'firejail',
-    '--profile=opusdec.profile',
-    '--debug',
-    '--force',
-  ];
-
   const header_validation = validateHeaders(req.headers);
 
   if (header_validation !== null) {
@@ -298,12 +287,8 @@ app.post('*', function(req, res, next) {
       .json({message: 'Body should be an Opus or Webm audio file'});
   }
 
-  let args = null;
-  if (config.disable_jail) {
-    args = decodeArgs;
-  } else {
-    args = jailArgs.concat(decodeArgs);
-  }
+  const args = decodeArgs;
+
   const opusdec_start = Date.now();
   mozlog.info('request.opusdec.start', {
     request_id: res.locals.request_id,