namespace MediaWiki\Shell;
+use ExecutableFinder;
use Psr\Log\LoggerAwareTrait;
use Psr\Log\NullLogger;
/** @var string|bool */
private $cgroup;
+ /** @var bool */
+ private $doLogStderr = false;
+
+ /**
+ * @var string|bool
+ */
+ private $restrictionMethod;
+
+ /**
+ * @var string|bool
+ */
+ private $firejail;
+
/**
* Constructor
*
* @param array $limits See {@see Command::limits()}
* @param string|bool $cgroup See {@see Command::cgroup()}
+ * @param string|bool $restrictionMethod
*/
- public function __construct( array $limits, $cgroup ) {
+ public function __construct( array $limits, $cgroup, $restrictionMethod ) {
$this->limits = $limits;
$this->cgroup = $cgroup;
+ if ( $restrictionMethod === 'autodetect' ) {
+ // On Linux systems check for firejail
+ if ( PHP_OS === 'Linux' && $this->findFirejail() !== false ) {
+ $this->restrictionMethod = 'firejail';
+ } else {
+ $this->restrictionMethod = false;
+ }
+ } else {
+ $this->restrictionMethod = $restrictionMethod;
+ }
$this->setLogger( new NullLogger() );
}
+ private function findFirejail() {
+ if ( $this->firejail === null ) {
+ $this->firejail = ExecutableFinder::findInDefaultPaths( 'firejail' );
+ }
+
+ return $this->firejail;
+ }
+
+ /**
+ * When enabled, text sent to stderr will be logged with a level of 'error'.
+ *
+ * @param bool $yesno
+ * @see Command::logStderr
+ */
+ public function logStderr( $yesno = true ) {
+ $this->doLogStderr = $yesno;
+ }
+
/**
* Instantiates a new Command
*
* @return Command
*/
public function create() {
- $command = new Command();
+ if ( $this->restrictionMethod === 'firejail' ) {
+ $command = new FirejailCommand( $this->findFirejail() );
+ $command->restrict( Shell::RESTRICT_DEFAULT );
+ } else {
+ $command = new Command();
+ }
$command->setLogger( $this->logger );
return $command
->limits( $this->limits )
- ->cgroup( $this->cgroup );
+ ->cgroup( $this->cgroup )
+ ->logStderr( $this->doLogStderr );
}
}