Begin sandboxing support, README updates.
这个提交包含在:
34
qswiki.cpp
34
qswiki.cpp
@@ -24,6 +24,7 @@ SOFTWARE.
|
||||
#include <signal.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/types.h>
|
||||
#include <filesystem>
|
||||
#include "gateway/gatewayinterface.h"
|
||||
#include "gateway/gatewayfactory.h"
|
||||
#include "handlers/handlerfactory.h"
|
||||
@@ -35,6 +36,7 @@ SOFTWARE.
|
||||
#include "urlprovider.h"
|
||||
#include "requestworker.h"
|
||||
#include "cache/fscache.h"
|
||||
#include "sandbox/sandboxfactory.h"
|
||||
void sigterm_handler(int arg)
|
||||
{
|
||||
// TODO: proper shutdown.
|
||||
@@ -68,6 +70,19 @@ int main(int argc, char **argv)
|
||||
std::cerr << "Do not run this as root!" << std::endl;
|
||||
return 1;
|
||||
}
|
||||
auto sandbox = createSandbox();
|
||||
// TODO: do we want to keep it mandatory or configurable?
|
||||
if(!sandbox->supported())
|
||||
{
|
||||
Logger::error() << "Sandbox is not supported, exiting";
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
if(!sandbox->enableForInit())
|
||||
{
|
||||
Logger::error() << "Sandboxing for init mode could not be activated.";
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
if(argc < 2)
|
||||
{
|
||||
std::cerr << "no path to config file provided" << std::endl;
|
||||
@@ -79,6 +94,19 @@ int main(int argc, char **argv)
|
||||
ConfigReader configreader(argv[1]);
|
||||
Config config = configreader.readConfig();
|
||||
|
||||
// TODO: config.connectiontring only works as long as we only support sqlite of course
|
||||
|
||||
if(!sandbox->enablePreWorker({
|
||||
config.getConfig("cache_fs_dir"),
|
||||
config.templatepath,
|
||||
std::filesystem::path(config.logfile).parent_path(),
|
||||
std::filesystem::path(config.connectionstring).parent_path(),
|
||||
}))
|
||||
{
|
||||
Logger::error() << "Sandboxing for pre worker stage could not be activated.";
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
setup_signal_handlers();
|
||||
|
||||
std::fstream logstream;
|
||||
@@ -110,6 +138,12 @@ int main(int argc, char **argv)
|
||||
RequestWorker requestWorker(*database, siteTemplate, urlprovider, *cache);
|
||||
|
||||
auto interface = createGateway(config);
|
||||
|
||||
if(!sandbox->enableForWorker())
|
||||
{
|
||||
Logger::error() << "Sandboxing for worker could not be enabled!";
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
interface->work(requestWorker);
|
||||
}
|
||||
catch(const std::exception &e)
|
||||
|
||||
在新工单中引用
屏蔽一个用户