From f5c8a71698d0a7a16c68be220e49fe64bfee7f5c Mon Sep 17 00:00:00 2001
From: Chris
Date: Mon, 15 Jan 2018 11:21:06 -0600
Subject: ABC-22: Plugin sandboxing for linux/amd64 (#8068)
* plugin sandboxing
* remove unused type
* better symlink handling, better remounting, better test, whitespace fixes, and comment on the remounting
* fix test compile error
* big simplification for getting mount flags
* mask statfs flags to the ones we're interested in
---
plugin/rpcplugin/sandbox/sandbox.go | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 plugin/rpcplugin/sandbox/sandbox.go
(limited to 'plugin/rpcplugin/sandbox/sandbox.go')
diff --git a/plugin/rpcplugin/sandbox/sandbox.go b/plugin/rpcplugin/sandbox/sandbox.go
new file mode 100644
index 000000000..96eff02dd
--- /dev/null
+++ b/plugin/rpcplugin/sandbox/sandbox.go
@@ -0,0 +1,34 @@
+// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package sandbox
+
+import (
+ "context"
+ "io"
+
+ "github.com/mattermost/mattermost-server/plugin/rpcplugin"
+)
+
+type MountPoint struct {
+ Source string
+ Destination string
+ Type string
+ ReadOnly bool
+}
+
+type Configuration struct {
+ MountPoints []*MountPoint
+ WorkingDirectory string
+}
+
+// NewProcess is like rpcplugin.NewProcess, but launches the process in a sandbox.
+func NewProcess(ctx context.Context, config *Configuration, path string) (rpcplugin.Process, io.ReadWriteCloser, error) {
+ return newProcess(ctx, config, path)
+}
+
+// CheckSupport inspects the platform and environment to determine whether or not there are any
+// expected issues with sandboxing. If nil is returned, sandboxing should be used.
+func CheckSupport() error {
+ return checkSupport()
+}
--
cgit v1.2.3-1-g7c22
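Review bot: `MountPoint` and `Configuration` are exported without doc comments, and `ReadOnly bool` makes a writable mount the zero value, so a caller that omits the field exposes the source path read-write to the plugin (assuming `newProcess`, which is defined outside this hunk, applies the flag as its name suggests). A field comment would make that explicit, e.g. `// ReadOnly mounts Destination read-only; the zero value is a writable mount.`, and the struct comment should say whether `Destination` is resolved relative to the sandbox root. The `CheckSupport` comment says only what nil means; it should also state what a caller is expected to do on a non-nil error, e.g. `// A non-nil error means the plugin cannot be sandboxed here; the caller decides whether to refuse to start it.`, so that running unsandboxed is a deliberate choice rather than a silent fallback.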