shad-go/tools/testtool/commands/sandbox.go

package commands

import (
	"log"
	"os/exec"
	"os/user"
	"strconv"
	"syscall"
)

func currentUserIsRoot() bool {
	me, err := user.Current()
	if err != nil {
		log.Fatal(err)
	}

	return me.Uid == "0"
}

func sandbox(cmd *exec.Cmd) error {
	nobody, err := user.Lookup("nobody")
	if err != nil {
		return err
	}

	uid, _ := strconv.Atoi(nobody.Uid)
	gid, _ := strconv.Atoi(nobody.Gid)

	cmd.SysProcAttr = &syscall.SysProcAttr{
		Credential: &syscall.Credential{
			Uid: uint32(uid),
			Gid: uint32(gid),
		},
	}

	cmd.Env = []string{}

	return nil
}
Squashed commit of the following: commit 347ba11cfe4a49bff6fc29063b49416d90525e52 Author: Fedor Korotkiy <prime@yandex-team.ru> Date: Sat Feb 8 22:44:26 2020 +0300 Sandboxed test execution. commit c5c9557dd59c54971a78d424ec118655f6b2005c Author: Fedor Korotkiy <prime@yandex-team.ru> Date: Sat Feb 8 21:13:13 2020 +0300 Fix paths used during testing. commit 1ba21eb0aad08f543c6a99bfd927721207943abb Author: Fedor Korotkiy <prime@yandex-team.ru> Date: Sat Feb 8 20:56:32 2020 +0300 Helper for process sandboxing commit 54f0aa11156c1d2c998a060b60be7af8666d5da4 Author: Fedor Korotkiy <prime@yandex-team.ru> Date: Sat Feb 8 20:10:56 2020 +0300 Package list helper. 2020-02-10 13:41:58 +00:00			`package commands`

			`import (`
			`"log"`
			`"os/exec"`
			`"os/user"`
			`"strconv"`
			`"syscall"`
			`)`

			`func currentUserIsRoot() bool {`
			`me, err := user.Current()`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`return me.Uid == "0"`
			`}`

			`func sandbox(cmd *exec.Cmd) error {`
			`nobody, err := user.Lookup("nobody")`
			`if err != nil {`
			`return err`
			`}`

			`uid, _ := strconv.Atoi(nobody.Uid)`
			`gid, _ := strconv.Atoi(nobody.Gid)`

			`cmd.SysProcAttr = &syscall.SysProcAttr{`
			`Credential: &syscall.Credential{`
			`Uid: uint32(uid),`
			`Gid: uint32(gid),`
			`},`
			`}`

			`cmd.Env = []string{}`

			`return nil`
			`}`