A wrapper that restricts the command using firejail. More...

Inheritance diagram for Shellbox\Command\FirejailWrapper:

Public Member Functions
	__construct ( $binaryPath, $profilePath)

	wrap (Command $command)
	Modify the command passed as a parameter.

	getPriority ()
	Get an integer priority level used to determine the order in which to run multiple wrappers.

Public Member Functions inherited from Shellbox\Command\Wrapper
	setLogger (LoggerInterface $logger)
	Set the logger.

Public Attributes
const	PRIORITY = 40
	Firejail is a setuid-root executable which naturally goes inside systemd but outside BashWrapper, since it inherits and preserves most aspects of the system.

Additional Inherited Members
Protected Attributes inherited from Shellbox\Command\Wrapper
	$logger

Detailed Description

A wrapper that restricts the command using firejail.

Constructor & Destructor Documentation

◆ __construct()

Shellbox\Command\FirejailWrapper::__construct	(		$binaryPath,
			$profilePath )

Parameters

string	$binaryPath	The path to firejail
string	$profilePath	The path to the profile file

Member Function Documentation

◆ getPriority()

Shellbox\Command\FirejailWrapper::getPriority ( )

Get an integer priority level used to determine the order in which to run multiple wrappers.

Low numbers are innermost, high numbers are outermost, run last.

If you nest sandboxes, it makes sense to have the most privileged hypervisor/wrapper at the outside, and the least privileged on the inside. Suggested values:

20: ulimit
40: chroot
60: system-level container
80: initial shell

Returns: int

Reimplemented from Shellbox\Command\Wrapper.

◆ wrap()

Shellbox\Command\FirejailWrapper::wrap ( Command $command )

Modify the command passed as a parameter.

Parameters

Command $command

Reimplemented from Shellbox\Command\Wrapper.

The documentation for this class was generated from the following file:

src/Command/FirejailWrapper.php

Public Member Functions