UNPKG

simple-sandbox

Version:

A simple sandbox for Node.js using Linux namespaces and cgroup.

t123yh/simple-sandbox

56 lines 2.22 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
"use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __exportStar = (this && this.__exportStar) || function(m, exports) { for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p); }; Object.defineProperty(exports, "__esModule", { value: true }); exports.getUidAndGidInSandbox = exports.startSandbox = void 0; const nativeAddon_1 = require("./nativeAddon"); const sandboxProcess_1 = require("./sandboxProcess"); const fs_1 = require("fs"); const randomString = require("randomstring"); const path = require("path"); __exportStar(require("./interfaces"), exports); if (!fs_1.existsSync('/sys/fs/cgroup/memory/memory.memsw.usage_in_bytes')) { throw new Error("Your linux kernel doesn't support memory-swap account. Please turn it on following the readme."); } const MAX_RETRY_TIMES = 20; function startSandbox(parameter) { const doStart = () => { const actualParameter = Object.assign({}, parameter); actualParameter.cgroup = path.join(actualParameter.cgroup, randomString.generate(9)); const startResult = nativeAddon_1.default.startSandbox(actualParameter); return new sandboxProcess_1.SandboxProcess(actualParameter, startResult.pid, startResult.execParam); }; let retryTimes = MAX_RETRY_TIMES; while (1) { try { return doStart(); } catch (e) { if ("message" in e && typeof e.message === "string" && e.message.startsWith("The child process ")) { if (retryTimes-- > 0) continue; } throw e; } } } exports.startSandbox = startSandbox; ; function getUidAndGidInSandbox(rootfs, username) { try { return nativeAddon_1.default.getUidAndGidInSandbox(rootfs, username); } catch (e) { throw e; } } exports.getUidAndGidInSandbox = getUidAndGidInSandbox; //# sourceMappingURL=index.js.map