Class: Sandbox Private
Overview
This class is part of a private API. This class may only be used in the Homebrew/brew repository. Third parties should avoid using this class if possible, as it may be removed or changed without warning.
Helper class for running a sub-process inside of a sandboxed environment.
Class Method Summary collapse
Instance Method Summary collapse
-
#add_rule(rule) ⇒ Object
private
-
#allow_cvs ⇒ Object
private
-
#allow_fossil ⇒ Object
private
-
#allow_write(path, options = {}) ⇒ Object
private
-
#allow_write_cellar(formula) ⇒ Object
private
-
#allow_write_log(formula) ⇒ Object
private
-
#allow_write_path(path) ⇒ Object
private
-
#allow_write_temp_and_cache ⇒ Object
private
-
#allow_write_xcode ⇒ Object
private
Xcode projects expect access to certain cache/archive dirs.
-
#deny_write(path, options = {}) ⇒ Object
private
-
#deny_write_homebrew_repository ⇒ Object
private
-
#deny_write_path(path) ⇒ Object
private
-
#exec(*args) ⇒ Object
private
-
#initialize ⇒ void
constructor
private
-
#record_log(file) ⇒ Object
private
Constructor Details
#initialize ⇒ void
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
22 23 24 |
# File 'sandbox.rb', line 22 def initialize @profile = SandboxProfile.new end |
Class Method Details
.available? ⇒ Boolean
6 7 8 |
# File 'extend/os/mac/sandbox.rb', line 6 def self.available? File.executable?(SANDBOX_EXEC) end |
Instance Method Details
#add_rule(rule) ⇒ Object
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
30 31 32 |
# File 'sandbox.rb', line 30 def add_rule(rule) @profile.add_rule(rule) end |
#allow_cvs ⇒ Object
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
59 60 61 |
# File 'sandbox.rb', line 59 def allow_cvs allow_write_path "#{Dir.home(ENV.fetch("USER"))}/.cvspass" end |
#allow_fossil ⇒ Object
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
63 64 65 66 |
# File 'sandbox.rb', line 63 def allow_fossil allow_write_path "#{Dir.home(ENV.fetch("USER"))}/.fossil" allow_write_path "#{Dir.home(ENV.fetch("USER"))}/.fossil-journal" end |
#allow_write(path, options = {}) ⇒ Object
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
34 35 36 37 |
# File 'sandbox.rb', line 34 def allow_write(path, = {}) add_rule allow: true, operation: "file-write*", filter: path_filter(path, [:type]) add_rule allow: true, operation: "file-write-setugid", filter: path_filter(path, [:type]) end |
#allow_write_cellar(formula) ⇒ Object
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
68 69 70 71 72 |
# File 'sandbox.rb', line 68 def allow_write_cellar(formula) allow_write_path formula.rack allow_write_path formula.etc allow_write_path formula.var end |
#allow_write_log(formula) ⇒ Object
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
79 80 81 |
# File 'sandbox.rb', line 79 def allow_write_log(formula) allow_write_path formula.logs end |
#allow_write_path(path) ⇒ Object
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
43 44 45 |
# File 'sandbox.rb', line 43 def allow_write_path(path) allow_write path, type: :subpath end |
#allow_write_temp_and_cache ⇒ Object
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
51 52 53 54 55 56 57 |
# File 'sandbox.rb', line 51 def allow_write_temp_and_cache allow_write_path "/private/tmp" allow_write_path "/private/var/tmp" allow_write "^/private/var/folders/[^/]+/[^/]+/[C,T]/", type: :regex allow_write_path HOMEBREW_TEMP allow_write_path HOMEBREW_CACHE end |
#allow_write_xcode ⇒ Object
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
Xcode projects expect access to certain cache/archive dirs.
75 76 77 |
# File 'sandbox.rb', line 75 def allow_write_xcode allow_write_path "#{Dir.home(ENV.fetch("USER"))}/Library/Developer" end |
#deny_write(path, options = {}) ⇒ Object
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
39 40 41 |
# File 'sandbox.rb', line 39 def deny_write(path, = {}) add_rule allow: false, operation: "file-write*", filter: path_filter(path, [:type]) end |
#deny_write_homebrew_repository ⇒ Object
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
83 84 85 86 87 88 89 90 91 |
# File 'sandbox.rb', line 83 def deny_write_homebrew_repository deny_write HOMEBREW_BREW_FILE if HOMEBREW_PREFIX.to_s == HOMEBREW_REPOSITORY.to_s deny_write_path HOMEBREW_LIBRARY deny_write_path HOMEBREW_REPOSITORY/".git" else deny_write_path HOMEBREW_REPOSITORY end end |
#deny_write_path(path) ⇒ Object
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
47 48 49 |
# File 'sandbox.rb', line 47 def deny_write_path(path) deny_write path, type: :subpath end |
#exec(*args) ⇒ Object
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 |
# File 'sandbox.rb', line 93 def exec(*args) seatbelt = Tempfile.new(["homebrew", ".sb"], HOMEBREW_TEMP) seatbelt.write(@profile.dump) seatbelt.close @start = Time.now begin command = [SANDBOX_EXEC, "-f", seatbelt.path, *args] # Start sandbox in a pseudoterminal to prevent access of the parent terminal. PTY.spawn(*command) do |r, w, pid| # Set the PTY's window size to match the parent terminal. # Some formula tests are sensitive to the terminal size and fail if this is not set. winch = proc do |_sig| w.winsize = if $stdout.tty? # We can only use IO#winsize if the IO object is a TTY. $stdout.winsize else # Otherwise, default to tput, if available. # This relies on ncurses rather than the system's ioctl. [Utils.popen_read("tput", "lines").to_i, Utils.popen_read("tput", "cols").to_i] end end write_to_pty = proc do # Don't hang if stdin is not able to be used - throw EIO instead. old_ttin = trap(:TTIN, "IGNORE") # Update the window size whenever the parent terminal's window size changes. old_winch = trap(:WINCH, &winch) winch.call(nil) stdin_thread = Thread.new do IO.copy_stream($stdin, w) rescue Errno::EIO # stdin is unavailable - move on. end r.each_char { |c| print(c) } Process.wait(pid) ensure stdin_thread&.kill trap(:TTIN, old_ttin) trap(:WINCH, old_winch) end if $stdin.tty? # If stdin is a TTY, use io.raw to set stdin to a raw, passthrough # mode while we copy the input/output of the process spawned in the # PTY. After we've finished copying to/from the PTY process, io.raw # will restore the stdin TTY to its original state. begin # Ignore SIGTTOU as setting raw mode will hang if the process is in the background. old_ttou = trap(:TTOU, "IGNORE") $stdin.raw(&write_to_pty) ensure trap(:TTOU, old_ttou) end else write_to_pty.call end end raise ErrorDuringExecution.new(command, status: $CHILD_STATUS) unless $CHILD_STATUS.success? rescue @failed = true raise ensure seatbelt.unlink sleep 0.1 # wait for a bit to let syslog catch up the latest events. syslog_args = [ "-F", "$((Time)(local)) $(Sender)[$(PID)]: $(Message)", "-k", "Time", "ge", @start.to_i.to_s, "-k", "Message", "S", "deny", "-k", "Sender", "kernel", "-o", "-k", "Time", "ge", @start.to_i.to_s, "-k", "Message", "S", "deny", "-k", "Sender", "sandboxd" ] logs = Utils.popen_read("syslog", *syslog_args) # These messages are confusing and non-fatal, so don't report them. logs = logs.lines.reject { |l| l.match(/^.*Python\(\d+\) deny file-write.*pyc$/) }.join unless logs.empty? if @logfile File.open(@logfile, "w") do |log| log.write logs log.write "\nWe use time to filter sandbox log. Therefore, unrelated logs may be recorded.\n" end end if @failed && Homebrew::EnvConfig.verbose? ohai "Sandbox Log", logs $stdout.flush # without it, brew test-bot would fail to catch the log end end end end |
#record_log(file) ⇒ Object
This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.
26 27 28 |
# File 'sandbox.rb', line 26 def record_log(file) @logfile = file end |