author | Chris <ccbrown112@gmail.com> | 2018-01-15 11:21:06 -0600 |
---|---|---|
committer | Christopher Speller <crspeller@gmail.com> | 2018-01-15 09:21:06 -0800 |
commit | f5c8a71698d0a7a16c68be220e49fe64bfee7f5c (patch) | |
tree | 194b9cc79eceb1c91c44e39b9d797671c178fe0e /plugin/rpcplugin/sandbox/sandbox.go | |
parent | 7e5ce976681e99be6b26d428935ba1106d530efa (diff) | |
ABC-22: Plugin sandboxing for linux/amd64 (#8068)
* plugin sandboxing
* remove unused type
* better symlink handling, better remounting, better test, whitespace
fixes, and comment on the remounting
* fix test compile error
* big simplification for getting mount flags
* mask statfs flags to the ones we're interested in
Diffstat (limited to 'plugin/rpcplugin/sandbox/sandbox.go')
-rw-r--r-- | plugin/rpcplugin/sandbox/sandbox.go | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/plugin/rpcplugin/sandbox/sandbox.go b/plugin/rpcplugin/sandbox/sandbox.go
new file mode 100644
index 000000000..96eff02dd
--- /dev/null
+++ b/plugin/rpcplugin/sandbox/sandbox.go
@@ -0,0 +1,34 @@
+// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package sandbox
+
+import (
+ "context"
+ "io"
+
+ "github.com/mattermost/mattermost-server/plugin/rpcplugin"
+)
+
+type MountPoint struct {
+ Source string
+ Destination string
+ Type string
+ ReadOnly bool
+}
+
+type Configuration struct {
+ MountPoints []*MountPoint
+ WorkingDirectory string
+}
+
+// NewProcess is like rpcplugin.NewProcess, but launches the process in a sandbox.
+func NewProcess(ctx context.Context, config *Configuration, path string) (rpcplugin.Process, io.ReadWriteCloser, error) {
+ return newProcess(ctx, config, path)
+}
+
+// CheckSupport inspects the platform and environment to determine whether or not there are any
+// expected issues with sandboxing. If nil is returned, sandboxing should be used.
+func CheckSupport() error {
+ return checkSupport()
+}
|
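Review bot: `MountPoint.ReadOnly` has a zero value of false, so a mount point built without setting it would be writable from inside the sandbox, assuming `newProcess` (defined outside this file) honours the field as named; for a sandbox API the safer default is read-only, for example by replacing the field with `Writable bool`. Neither `MountPoint` nor `Configuration` carries a doc comment, so a caller cannot tell whether `Source` and `Destination` must be absolute, how symlinks in them are resolved, which values `Type` accepts, or whether a nil `config` is allowed in `NewProcess`. If the field stays, I would at least add `// ReadOnly mounts Source read-only; the zero value leaves the mount writable.` above it, once that behaviour has been confirmed. The `CheckSupport` comment says what nil means but not what a caller must do on a non-nil error; stating whether the plugin must then not be started, or may run unsandboxed, would keep callers from failing open silently.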