From f5c8a71698d0a7a16c68be220e49fe64bfee7f5c Mon Sep 17 00:00:00 2001
From: Chris
Date: Mon, 15 Jan 2018 11:21:06 -0600
Subject: ABC-22: Plugin sandboxing for linux/amd64 (#8068)
* plugin sandboxing
* remove unused type
* better symlink handling, better remounting, better test, whitespace fixes, and comment on the remounting
* fix test compile error
* big simplification for getting mount flags
* mask statfs flags to the ones we're interested in
---
 plugin/rpcplugin/supervisor.go | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
(limited to 'plugin/rpcplugin/supervisor.go')
diff --git a/plugin/rpcplugin/supervisor.go b/plugin/rpcplugin/supervisor.go
index ad3c8401d..6a48cb5e8 100644
--- a/plugin/rpcplugin/supervisor.go
+++ b/plugin/rpcplugin/supervisor.go
@@ -6,6 +6,7 @@ package rpcplugin
 import (
 "context"
 "fmt"
+ "io"
 "path/filepath"
 "strings"
 "sync/atomic"
@@ -20,10 +21,10 @@ import (
 //
 // If the plugin unexpectedly exists, the supervisor will relaunch it after a short delay.
 type Supervisor struct {
- executable string
 hooks atomic.Value
 done chan bool
 cancel context.CancelFunc
+ newProcess func(context.Context) (Process, io.ReadWriteCloser, error)
 }

 var _ plugin.Supervisor = (*Supervisor)(nil)
@@ -78,7 +79,7 @@ func (s *Supervisor) run(ctx context.Context, start chan<- error, api plugin.API
 }

 func (s *Supervisor) runPlugin(ctx context.Context, start chan<- error, api plugin.API) error {
- p, ipc, err := NewProcess(ctx, s.executable)
+ p, ipc, err := s.newProcess(ctx)
 if err != nil {
 if start != nil {
 start <- err
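Review bot: The new `newProcess` field in the `Supervisor` struct hunk (`@@ -20,10 +21,10 @@`) carries no comment, and its full function signature is spelled out again in the `SupervisorProvider` closure and in the `SupervisorWithNewProcessFunc` parameter list. A named type with the contract on it would keep the three in step, for example `// NewProcessFunc starts the plugin process and returns it with its IPC stream; runPlugin calls it on every launch.` above `type NewProcessFunc func(context.Context) (Process, io.ReadWriteCloser, error)`. The comment is also the place to record that this function, rather than the supervisor, now decides which binary is executed.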
@@ -127,6 +128,16 @@ func (s *Supervisor) runPlugin(ctx context.Context, start chan<- error, api plug
 }

 func SupervisorProvider(bundle *model.BundleInfo) (plugin.Supervisor, error) {
+ return SupervisorWithNewProcessFunc(bundle, func(ctx context.Context) (Process, io.ReadWriteCloser, error) {
+ executable := filepath.Clean(filepath.Join(".", bundle.Manifest.Backend.Executable))
+ if strings.HasPrefix(executable, "..") {
+ return nil, nil, fmt.Errorf("invalid backend executable")
+ }
+ return NewProcess(ctx, filepath.Join(bundle.Path, executable))
+ })
+}
+
+func SupervisorWithNewProcessFunc(bundle *model.BundleInfo, newProcess func(context.Context) (Process, io.ReadWriteCloser, error)) (plugin.Supervisor, error) {
 if bundle.Manifest == nil {
 return nil, fmt.Errorf("no manifest available")
 } else if bundle.Manifest.Backend == nil || bundle.Manifest.Backend.Executable == "" {
@@ -136,7 +147,5 @@ func SupervisorProvider(bundle *model.BundleInfo) (plugin.Supervisor, error) {
 if strings.HasPrefix(executable, "..") {
 return nil, fmt.Errorf("invalid backend executable")
 }
- return &Supervisor{
- executable: filepath.Join(bundle.Path, executable),
- }, nil
+ return &Supervisor{newProcess: newProcess}, nil
 }
-- cgit v1.2.3-1-g7c22
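Review bot: In the `SupervisorProvider` hunk (`@@ -127,6 +128,16 @@`) the closure re-reads `bundle.Manifest.Backend.Executable` and repeats the `..` check on every launch, duplicating the validation that `SupervisorWithNewProcessFunc` already performs once at construction. Because the closure dereferences `bundle` lazily, the file started on a relaunch is whatever the manifest holds at that moment, and the nil checks that protect the dereference ran only at construction; if the bundle can be modified afterwards (not visible here), the validated and executed paths can differ. Resolving the path once before building the supervisor and capturing only the resulting string removes both the duplication and the late read. The prefix test is also purely lexical, so a symlink inside the bundle directory that points elsewhere passes it; whether the sandbox added by this commit covers that is outside this file.

```go
func SupervisorProvider(bundle *model.BundleInfo) (plugin.Supervisor, error) {
	// Resolve the path once; SupervisorWithNewProcessFunc rejects a nil
	// manifest or a ".." path before the closure can ever run.
	var path string
	if bundle.Manifest != nil && bundle.Manifest.Backend != nil {
		path = filepath.Join(bundle.Path, filepath.Clean(filepath.Join(".", bundle.Manifest.Backend.Executable)))
	}
	return SupervisorWithNewProcessFunc(bundle, func(ctx context.Context) (Process, io.ReadWriteCloser, error) {
		return NewProcess(ctx, path)
	})
}
```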
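Review bot: `SupervisorWithNewProcessFunc` stores `newProcess` in the returned struct (`@@ -136,7 +147,5 @@`) without checking it for nil, so this exported constructor can hand back a Supervisor whose `s.newProcess(ctx)` call in runPlugin panics on first launch. Adding `if newProcess == nil { return nil, fmt.Errorf("no process function provided") }` beside the manifest checks turns that into an ordinary error. The function is exported without a doc comment; it should state that the `executable` check left in this body validates the manifest only, and that a caller-supplied `newProcess` is responsible for confining the path it actually runs. The function begins in the previous hunk and part of its body lies between the two hunks.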