Sandbox: Remove multiple stages
While interesitng in theory, there is nothing to be gained here, because we don't really have user input at those early stages. As we are also not a privileged process, those early stage sandboxes in the end are not worth it, since they increase complexity while there is no benefit in practise. So, reduce those 3 stages to a single one (enable()), which we activate after CLI server has launched.
This commit is contained in:
35
qswiki.cpp
35
qswiki.cpp
@@ -123,29 +123,12 @@ int main(int argc, char **argv)
|
||||
return 1;
|
||||
}
|
||||
std::string configpath = std::filesystem::absolute(configfilepath).string();
|
||||
if(!sandbox->enableForInit())
|
||||
{
|
||||
Logger::error() << "Sandboxing for init mode could not be activated.";
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
ConfigReader configreader(configpath);
|
||||
Config config = configreader.readConfig();
|
||||
|
||||
// TODO: config.connectiontring only works as long as we only support sqlite of course
|
||||
if(!sandbox->enablePreWorker({
|
||||
config.configVarResolver.getConfig("cache_fs_dir"),
|
||||
config.templatepath,
|
||||
std::filesystem::path(config.logfile).parent_path(),
|
||||
std::filesystem::path(config.connectionstring).parent_path(),
|
||||
}))
|
||||
{
|
||||
Logger::error() << "Sandboxing for pre worker stage could not be activated.";
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
setup_signal_handlers();
|
||||
|
||||
std::fstream logstream;
|
||||
@@ -162,6 +145,19 @@ int main(int argc, char **argv)
|
||||
console.startInteractive();
|
||||
return 0;
|
||||
}
|
||||
|
||||
// TODO: config.connectiontring only works as long as we only support sqlite of course
|
||||
if(!sandbox->enable({
|
||||
config.configVarResolver.getConfig("cache_fs_dir"),
|
||||
config.templatepath,
|
||||
std::filesystem::path(config.logfile).parent_path(),
|
||||
std::filesystem::path(config.connectionstring).parent_path(),
|
||||
}))
|
||||
{
|
||||
Logger::error() << "Sandboxing for worker could not be enabled!";
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
CLIServer cliServer{cliHandler};
|
||||
if(!cliServer.detachServer(socketPath))
|
||||
{
|
||||
@@ -195,11 +191,6 @@ int main(int argc, char **argv)
|
||||
|
||||
auto interface = createGateway(config);
|
||||
|
||||
if(!sandbox->enableForWorker())
|
||||
{
|
||||
Logger::error() << "Sandboxing for worker could not be enabled!";
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
interface->work(requestWorker);
|
||||
}
|
||||
catch(const std::exception &e)
|
||||
|
||||
Reference in New Issue
Block a user