Restricts execution of shell commands using firejail. More...
Public Member Functions | ||||
| __construct ( $firejail) | ||||
| whitelistPaths (array $paths) | ||||
If called, only the files/directories that are whitelisted will be available to the shell command.limit.sh will always be whitelisted
| ||||
 Public Member Functions inherited from MediaWiki\Shell\Command | ||||
| __construct () | ||||
| Don't call directly, instead use Shell::command() More... | ||||
| __destruct () | ||||
| Makes sure the programmer didn't forget to execute the command after all. More... | ||||
| __toString () | ||||
| Returns the final command line before environment/limiting, etc are applied. More... | ||||
| cgroup ( $cgroup) | ||||
| Sets cgroup for this command. More... | ||||
| environment (array $env) | ||||
| Sets environment variables which should be added to the executed command environment. More... | ||||
| execute () | ||||
| Executes command. More... | ||||
| includeStderr ( $yesno=true) | ||||
| Controls whether stderr should be included in stdout, including errors from limit.sh. More... | ||||
| input ( $inputString) | ||||
| Sends the provided input to the command. More... | ||||
| limits (array $limits) | ||||
| Sets execution limits. More... | ||||
| logStderr ( $yesno=true) | ||||
| When enabled, text sent to stderr will be logged with a level of 'error'. More... | ||||
| params (... $args) | ||||
| Adds parameters to the command. More... | ||||
| profileMethod ( $method) | ||||
| Sets calling function for profiler. More... | ||||
| restrict ( $restrictions) | ||||
| Set additional restrictions for this request. More... | ||||
| unsafeParams (... $args) | ||||
| Adds unsafe parameters to the command. More... | ||||
Protected Member Functions | ||||
| buildFinalCommand ( $command) | ||||
String together all the options and build the final command to execute.
| ||||
| Protected Member Functions inherited from MediaWiki\Shell\Command | ||||
| hasRestriction ( $restriction) | ||||
| Bitfield helper on whether a specific restriction is enabled. More... | ||||
Private Attributes | |
| string | $firejail |
| Path to firejail. More... | |
| string[] | $whitelistedPaths = [] |
Additional Inherited Members | |
| Protected Attributes inherited from MediaWiki\Shell\Command | |
| string | $command = '' |
| int | $restrictions = 0 |
| Bitfield with restrictions. More... | |
Detailed Description
Restricts execution of shell commands using firejail.
- See also
- https://firejail.wordpress.com/
- Since
- 1.31
Definition at line 31 of file FirejailCommand.php.
Constructor & Destructor Documentation
◆ __construct()
| MediaWiki\Shell\FirejailCommand::__construct | ( | $firejail | ) |
- Parameters
-
string $firejail Path to firejail
Definition at line 46 of file FirejailCommand.php.
References MediaWiki\Shell\FirejailCommand\$firejail.
Member Function Documentation
◆ buildFinalCommand()
|
protected |
String together all the options and build the final command to execute.
- Parameters
-
string $command Already-escaped command to run
- Returns
- array [ command, whether to use log pipe ]
Reimplemented from MediaWiki\Shell\Command.
Definition at line 62 of file FirejailCommand.php.
References MediaWiki\Shell\Command\$command, MediaWiki\Shell\FirejailCommand\$firejail, $IP, MediaWiki\Shell\Command\hasRestriction(), MediaWiki\Shell\Shell\NO_EXECVE, MediaWiki\Shell\Shell\NO_LOCALSETTINGS, MediaWiki\Shell\Shell\NO_NETWORK, MediaWiki\Shell\Shell\NO_ROOT, MediaWiki\Shell\Shell\PRIVATE_DEV, and MediaWiki\Shell\Shell\SECCOMP.
◆ whitelistPaths()
| MediaWiki\Shell\FirejailCommand::whitelistPaths | ( | array | $paths | ) |
If called, only the files/directories that are whitelisted will be available to the shell command.limit.sh will always be whitelisted
- Parameters
-
string[] $paths
- Returns
- $this
Reimplemented from MediaWiki\Shell\Command.
Definition at line 54 of file FirejailCommand.php.
Member Data Documentation
◆ $firejail
|
private |
Path to firejail.
Definition at line 36 of file FirejailCommand.php.
Referenced by MediaWiki\Shell\FirejailCommand\__construct(), and MediaWiki\Shell\FirejailCommand\buildFinalCommand().
◆ $whitelistedPaths
|
private |
Definition at line 41 of file FirejailCommand.php.
The documentation for this class was generated from the following file:
- includes/shell/FirejailCommand.php
