X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/comptes/ajouter.php?a=blobdiff_plain;f=includes%2Fshell%2FCommandFactory.php;h=b4b9b921a969aa58005069236781c596dd25f028;hb=efa586fddd5ebacd8a89b56d797c1eff1681cfc4;hp=84dd50f71fbbeaa283f887991f0b6b4226347455;hpb=1b13888ed6bd09731f10045650714a3392bb55df;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/shell/CommandFactory.php b/includes/shell/CommandFactory.php
index 84dd50f71f..b4b9b921a9 100644
--- a/includes/shell/CommandFactory.php
+++ b/includes/shell/CommandFactory.php
@@ -20,6 +20,7 @@
 
 namespace MediaWiki\Shell;
 
+use ExecutableFinder;
 use Psr\Log\LoggerAwareTrait;
 use Psr\Log\NullLogger;
 
@@ -40,18 +41,47 @@ class CommandFactory {
 	/** @var bool */
 	private $doLogStderr = false;
 
+	/**
+	 * @var string|bool
+	 */
+	private $restrictionMethod;
+
+	/**
+	 * @var string|bool
+	 */
+	private $firejail;
+
 	/**
 	 * Constructor
 	 *
 	 * @param array $limits See {@see Command::limits()}
 	 * @param string|bool $cgroup See {@see Command::cgroup()}
+	 * @param string|bool $restrictionMethod
 	 */
-	public function __construct( array $limits, $cgroup ) {
+	public function __construct( array $limits, $cgroup, $restrictionMethod ) {
 		$this->limits = $limits;
 		$this->cgroup = $cgroup;
+		if ( $restrictionMethod === 'autodetect' ) {
+			// On Linux systems check for firejail
+			if ( PHP_OS === 'Linux' && $this->findFirejail() !== false ) {
+				$this->restrictionMethod = 'firejail';
+			} else {
+				$this->restrictionMethod = false;
+			}
+		} else {
+			$this->restrictionMethod = $restrictionMethod;
+		}
 		$this->setLogger( new NullLogger() );
 	}
 
+	private function findFirejail() {
+		if ( $this->firejail === null ) {
+			$this->firejail = ExecutableFinder::findInDefaultPaths( 'firejail' );
+		}
+
+		return $this->firejail;
+	}
+
 	/**
 	 * When enabled, text sent to stderr will be logged with a level of 'error'.
 	 *
@@ -68,7 +98,12 @@ class CommandFactory {
 	 * @return Command
 	 */
 	public function create() {
-		$command = new Command();
+		if ( $this->restrictionMethod === 'firejail' ) {
+			$command = new FirejailCommand( $this->findFirejail() );
+			$command->restrict( Shell::RESTRICT_DEFAULT );
+		} else {
+			$command = new Command();
+		}
 		$command->setLogger( $this->logger );
 
 		return $command