From f5c8a71698d0a7a16c68be220e49fe64bfee7f5c Mon Sep 17 00:00:00 2001
From: Chris
Date: Mon, 15 Jan 2018 11:21:06 -0600
Subject: ABC-22: Plugin sandboxing for linux/amd64 (#8068)
* plugin sandboxing
* remove unused type
* better symlink handling, better remounting, better test, whitespace fixes, and comment on the remounting
* fix test compile error
* big simplification for getting mount flags
* mask statfs flags to the ones we're interested in
---
 app/plugin.go | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'app/plugin.go')
diff --git a/app/plugin.go b/app/plugin.go
index d96e6e990..3f06a000f 100644
--- a/app/plugin.go
+++ b/app/plugin.go
@@ -30,6 +30,8 @@ import (
 "github.com/mattermost/mattermost-server/plugin"
 "github.com/mattermost/mattermost-server/plugin/pluginenv"
+ "github.com/mattermost/mattermost-server/plugin/rpcplugin"
+ "github.com/mattermost/mattermost-server/plugin/rpcplugin/sandbox"
 )
 const (
@@ -382,6 +384,12 @@ func (a *App) InitPlugins(pluginPath, webappPath string, supervisorOverride plug
 if supervisorOverride != nil {
 options = append(options, pluginenv.SupervisorProvider(supervisorOverride))
+ } else if err := sandbox.CheckSupport(); err != nil {
+ l4g.Warn(err.Error())
+ l4g.Warn("plugin sandboxing is not supported. plugins will run with the same access level as the server")
+ options = append(options, pluginenv.SupervisorProvider(rpcplugin.SupervisorProvider))
+ } else {
+ options = append(options, pluginenv.SupervisorProvider(sandbox.SupervisorProvider))
 }
 if env, err := pluginenv.New(options...); err != nil {
-- cgit v1.2.3-1-g7c22
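Review bot: The new `else if` branch fails open: when `sandbox.CheckSupport()` returns an error, plugins are started through `rpcplugin.SupervisorProvider` with the server's own privileges, and the only trace is two warnings in the log. Deployments that treat the sandbox as a security boundary have no way here to refuse plugin activation instead, so a kernel, container or mount change that breaks sandbox support downgrades isolation silently; worth a follow-up to make the fallback an explicit operator choice and to surface the unsandboxed state somewhere other than the log. Separately, `l4g.Warn(err.Error())` appears to pass the error text in the format-string position and emits it as a context-free line; one call such as `l4g.Warn("plugin sandboxing is not supported (%v); plugins will run with the same access level as the server", err)` keeps cause and consequence together. A short comment above the `if supervisorOverride != nil` branch noting that an override bypasses the sandbox check entirely would also help; the body of `InitPlugins` starts and ends outside this hunk.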