Module: OS::Linux::Sandbox Private

Extended by:: T::Helpers

Included in:: Sandbox

Defined in:: extend/os/linux/sandbox.rb

This module is part of a private API. This module may only be used in the Homebrew/brew repository. Third parties should avoid using this module if possible, as it may be removed or changed without warning.

Defined Under Namespace

Modules: ClassMethods

Class Method Summary collapse

.bubblewrap_candidate_paths ⇒ ::PATH private
.bubblewrap_executable ⇒ ::Pathname^? private
.bubblewrap_executable! ⇒ ::Pathname private

Instance Method Summary collapse

#allow_cvs ⇒ void private
#allow_fossil ⇒ void private
#allow_write_temp_and_cache ⇒ void private
#run(*args) ⇒ void private

Class Method Details

.bubblewrap_candidate_paths ⇒ `::PATH`

This method is part of a private API. This method may only be used in the Homebrew/brew repository. Third parties should avoid using this method if possible, as it may be removed or changed without warning.

Returns:

(::PATH)



86
87
88

# File 'extend/os/linux/sandbox.rb', line 86

def self.bubblewrap_candidate_paths
  ::Sandbox.executable_candidate_paths
end

.bubblewrap_executable ⇒ `::Pathname`^?

Returns:

(::Pathname, nil)



91
92
93

# File 'extend/os/linux/sandbox.rb', line 91

def self.bubblewrap_executable
  ::Sandbox.executable
end

.bubblewrap_executable! ⇒ `::Pathname`

Returns:

(::Pathname)



96
97
98

# File 'extend/os/linux/sandbox.rb', line 96

def self.bubblewrap_executable!
  bubblewrap_executable || raise("Bubblewrap is required to use the Linux sandbox.")
end

Instance Method Details

#allow_cvs ⇒ `void`

This method returns an undefined value.

# File 'extend/os/linux/sandbox.rb', line 109

def allow_cvs
  cvspass = ::Pathname.new("#{Dir.home(ENV.fetch("USER"))}/.cvspass")
  allow_write path: cvspass, type: :literal if cvspass.exist?
end

#allow_fossil ⇒ `void`

This method returns an undefined value.

# File 'extend/os/linux/sandbox.rb', line 115

def allow_fossil
  [".fossil", ".fossil-journal"].each do |file|
    fossil_file = ::Pathname.new("#{Dir.home(ENV.fetch("USER"))}/#{file}")
    allow_write path: fossil_file, type: :literal if fossil_file.exist?
  end
end

#allow_write_temp_and_cache ⇒ `void`

This method returns an undefined value.

# File 'extend/os/linux/sandbox.rb', line 101

def allow_write_temp_and_cache
  allow_write_path "/tmp"
  allow_write_path "/var/tmp"
  allow_write_path HOMEBREW_TEMP
  allow_write_path HOMEBREW_CACHE
end

#run(*args) ⇒ `void`

This method returns an undefined value.

Parameters:

args (String, ::Pathname)

# File 'extend/os/linux/sandbox.rb', line 330

def run(*args)
  @prepared_writable_paths = T.let([], T.nilable(T::Array[::Pathname]))
  @masked_read_paths = T.let([], T.nilable(T::Array[::Pathname]))
  old_report_on_exception = T.let(Thread.report_on_exception, T.nilable(T::Boolean))
  Thread.report_on_exception = false
  super
ensure
  Thread.report_on_exception = old_report_on_exception unless old_report_on_exception.nil?
  @prepared_writable_paths&.reverse_each do |path|
    path.rmdir if path.directory?
  rescue Errno::ENOENT, Errno::ENOTEMPTY
    nil
  end
  @prepared_writable_paths = nil
  @masked_read_paths&.reverse_each { |path| FileUtils.rm_rf(path) }
  @masked_read_paths = nil
end

Module: OS::Linux::Sandbox Private

Defined Under Namespace

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.bubblewrap_candidate_paths ⇒ ::PATH

.bubblewrap_executable ⇒ ::Pathname?

.bubblewrap_executable! ⇒ ::Pathname

Instance Method Details

#allow_cvs ⇒ void

#allow_fossil ⇒ void

#allow_write_temp_and_cache ⇒ void

#run(*args) ⇒ void

.bubblewrap_candidate_paths ⇒ `::PATH`

.bubblewrap_executable ⇒ `::Pathname`^?

.bubblewrap_executable! ⇒ `::Pathname`

#allow_cvs ⇒ `void`

#allow_fossil ⇒ `void`

#allow_write_temp_and_cache ⇒ `void`

#run(*args) ⇒ `void`