24use Psr\Log\LoggerAwareTrait;
25use Psr\Log\NullLogger;
26use Shellbox\Command\BoxedCommand;
27use Shellbox\Command\RemoteBoxedExecutor;
45 private $doLogStderr =
false;
50 private $restrictionMethod;
61 private $shellboxClientFactory;
70 array $limits, $cgroup, $restrictionMethod
72 $this->shellboxClientFactory = $shellboxClientFactory;
73 $this->limits = $limits;
74 $this->cgroup = $cgroup;
75 if ( $restrictionMethod ===
'autodetect' ) {
78 $this->restrictionMethod =
'firejail';
80 $this->restrictionMethod =
false;
83 $this->restrictionMethod = $restrictionMethod;
85 $this->setLogger(
new NullLogger() );
92 if ( $this->firejail ===
null ) {
96 return $this->firejail;
106 $this->doLogStderr = $yesno;
116 private function getLocalShellboxOptions() {
119 'useBashWrapper' => file_exists(
'/bin/bash' ),
120 'cgroup' => $this->cgroup
122 if ( $this->restrictionMethod ===
'firejail' ) {
123 $firejailPath = $this->findFirejail();
124 if ( !$firejailPath ) {
125 throw new \RuntimeException(
'firejail is enabled, but cannot be found' );
127 $options[
'useFirejail'] =
true;
128 $options[
'firejailPath'] = $firejailPath;
129 $options[
'firejailProfile'] = __DIR__ .
'/firejail.profile';
141 if ( $this->restrictionMethod ===
'firejail' ) {
142 if ( $this->useAllUsers ===
null ) {
146 $realIP = realpath(
$IP );
147 $currentUser = posix_getpwuid( posix_geteuid() );
148 $this->useAllUsers = ( strpos( $realIP,
'/home/' ) === 0 )
149 && ( strpos( $realIP, $currentUser[
'dir'] ) !== 0 );
150 if ( $this->useAllUsers ) {
151 $this->logger->warning(
'firejail: MediaWiki is located ' .
152 'in a home directory that does not belong to the ' .
153 'current user, so allowing access to all home ' .
154 'directories (--allusers)' );
157 $allUsers = $this->useAllUsers;
159 $executor = Shellbox::createUnboxedExecutor(
160 $this->getLocalShellboxOptions(), $this->logger );
163 $command->setLogger( $this->logger );
168 ->limits( $this->limits )
169 ->logStderr( $this->doLogStderr );
179 public function createBoxed( ?
string $service =
null ): BoxedCommand {
180 if ( $this->shellboxClientFactory->isEnabled( $service ) ) {
181 $client = $this->shellboxClientFactory->getClient( [
182 'timeout' => $this->limits[
'walltime'] + 1,
183 'service' => $service,
185 $executor =
new RemoteBoxedExecutor( $client );
186 $executor->setLogger( $this->logger );
188 $executor = Shellbox::createBoxedExecutor(
189 $this->getLocalShellboxOptions(),
192 return $executor->createCommand()
193 ->cpuTimeLimit( $this->limits[
'time'] )
194 ->wallTimeLimit( $this->limits[
'walltime'] )
195 ->memoryLimit( $this->limits[
'memory'] * 1024 )
196 ->fileSizeLimit( $this->limits[
'filesize'] * 1024 )
197 ->logStderr( $this->doLogStderr );
wfTempDir()
Tries to get the system directory for temporary files.
if(!defined( 'MEDIAWIKI')) if(ini_get('mbstring.func_overload')) if(!defined( 'MW_ENTRY_POINT')) global $IP
Environment checks.
if(!defined('MW_SETUP_CALLBACK'))
The persistent session ID (if any) loaded at startup.
Utility class to find executables in likely places.
static findInDefaultPaths( $names, $versionInfo=false)
Same as locateExecutable(), but checks in getPossibleBinPaths() by default.