mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
f5c8a71698
* plugin sandboxing * remove unused type * better symlink handling, better remounting, better test, whitespace fixes, and comment on the remounting * fix test compile error * big simplification for getting mount flags * mask statfs flags to the ones we're interested in
34 lines
1000 B
Go
34 lines
1000 B
Go
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
|
// See License.txt for license information.
|
|
|
|
package sandbox
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"io"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
"github.com/mattermost/mattermost-server/model"
|
|
"github.com/mattermost/mattermost-server/plugin"
|
|
"github.com/mattermost/mattermost-server/plugin/rpcplugin"
|
|
)
|
|
|
|
func SupervisorProvider(bundle *model.BundleInfo) (plugin.Supervisor, error) {
|
|
return rpcplugin.SupervisorWithNewProcessFunc(bundle, func(ctx context.Context) (rpcplugin.Process, io.ReadWriteCloser, error) {
|
|
executable := filepath.Clean(filepath.Join(".", bundle.Manifest.Backend.Executable))
|
|
if strings.HasPrefix(executable, "..") {
|
|
return nil, nil, fmt.Errorf("invalid backend executable")
|
|
}
|
|
return NewProcess(ctx, &Configuration{
|
|
MountPoints: []*MountPoint{{
|
|
Source: bundle.Path,
|
|
Destination: "/plugin",
|
|
ReadOnly: true,
|
|
}},
|
|
WorkingDirectory: "/plugin",
|
|
}, filepath.Join("/plugin", executable))
|
|
})
|
|
}
|