1package sandbox
3import "os/exec"
// Backend wraps git subprocesses in a filesystem sandbox. Each wrapping method
// takes an *exec.Cmd and returns the *exec.Cmd the caller should run.
//
// How much confinement is applied, if any, depends on the implementation: the
// NoopBackend in this package applies none. Code that relies on isolation
// should check Name, or the warning returned by New, rather than assume that
// a non-nil Backend confines anything.
type Backend interface {
	// Name reports a short identifier for the backend (NoopBackend reports
	// "noop"). Useful for logging which backend is actually in effect.
	Name() string

	// Wrap prepares cmd for the single repository at repoPath.
	// NOTE(review): whether an implementation mutates cmd in place or builds
	// a new command is not fixed by this interface; always run the returned
	// value.
	Wrap(repoPath string, cmd *exec.Cmd) (*exec.Cmd, error)

	// WrapMulti is the variant of Wrap that takes several paths.
	// NOTE(review): presumably every path in paths is made accessible to the
	// subprocess; confirm against the platform backend.
	WrapMulti(paths []string, cmd *exec.Cmd) (*exec.Cmd, error)
}
// NoopBackend is the pass-through Backend: the only thing it touches on a
// command is its working directory.
//
// It provides no isolation. A git subprocess wrapped by NoopBackend keeps
// whatever filesystem access and identity the command already has, so a
// backend whose Name is "noop" should be logged and treated as unsandboxed.
type NoopBackend struct{}

// Wrap sets cmd.Dir to repoPath and returns the same command. It never
// returns a non-nil error. cmd must be non-nil.
func (*NoopBackend) Wrap(repoPath string, cmd *exec.Cmd) (*exec.Cmd, error) {
	cmd.Dir = repoPath
	return cmd, nil
}

// WrapMulti sets cmd.Dir to the first entry of paths and returns the same
// command; the remaining entries are ignored. It never returns a non-nil
// error.
func (*NoopBackend) WrapMulti(paths []string, cmd *exec.Cmd) (*exec.Cmd, error) {
	if len(paths) == 0 {
		// No path to point at: cmd.Dir keeps whatever the caller set. With
		// os/exec an empty Dir means the subprocess runs in the calling
		// process's current directory, so callers should not pass an empty
		// slice by accident.
		return cmd, nil
	}
	cmd.Dir = paths[0]
	return cmd, nil
}

// Name identifies this backend as "noop".
func (*NoopBackend) Name() string {
	return "noop"
}
// LookupUID maps a repo path to the virtual UID (and GID) of its owner. The
// sandbox uses the result to drop privileges before running git.
//
// The contract fails open: returning 0 (or any error) means "don't drop", and
// the subprocess runs as the calling user. A lookup failure therefore leaves
// git with the caller's full identity, so callers that depend on the drop
// should log or alert on errors from their LookupUID rather than ignore them.
type LookupUID func(repoPath string) (uid, gid uint32, err error)
// New returns the best sandboxing backend available on this platform, as
// chosen by the platform-specific platformNew.
//
// The second return value is a warning. It is non-empty when landlock is not
// available; in that case the returned backend is the NoopBackend fallback,
// which does not confine git subprocesses. Callers should surface the warning
// (or refuse to continue, if isolation is required) rather than discard it.
//
// lookup is optional; nil means subprocesses keep the caller's UID/GID.
func New(lookup LookupUID) (Backend, string) {
	backend, warning := platformNew(lookup)
	return backend, warning
}
// Probe reports, as human-readable text, what sandbox capability this host
// has. The description is produced by the platform-specific platformProbe.
func Probe() string {
	description := platformProbe()
	return description
}