shell: Run firejail inside limit.sh, make NO_EXECVE work
author Kunal Mehta <legoktm@member.fsf.org>
Sat, 9 Dec 2017 10:11:02 +0000 (02:11 -0800)
committer Kunal Mehta <legoktm@member.fsf.org>
Sat, 9 Dec 2017 12:07:32 +0000 (04:07 -0800)
commit 416975c3ac1bf838369846c2ba2e3217edcde2cb
tree 0b7ecfb1ec7a7f97bbad1e88140befc3e952c114
parent 2443406d3765e31dc734ea74985420773940c37d
shell: Run firejail inside limit.sh, make NO_EXECVE work

NO_EXECVE doesn't work because limit.sh needs to execute the main
command, and does so through the execve syscall. Eventually we should be
able to replace limit.sh with firejail functionality entirely (T179021),
but in the meantime we can run firejail inside limit.sh.

We also need to stop firejail from running the command in a bash shell
via --shell=none, since that shell would also use the execve syscall.

Bug: T182489
Change-Id: I3fc8ad2f9e5eb5bf13b49d0bccd6094668a5ec55
includes/shell/Command.php
includes/shell/FirejailCommand.php
tests/phpunit/includes/shell/FirejailCommandTest.php