(command: string, args: string[], options: ExecutionOptions)
| 608 | } |
| 609 | |
| 610 | async function executeFirejail(command: string, args: string[], options: ExecutionOptions) { |
| 611 | options = _.clone(options) || {}; |
| 612 | const firejail = execProps<string>('firejail'); |
| 613 | const baseOptions = withFirejailTimeout( |
| 614 | ['--quiet', '--deterministic-exit-code', '--deterministic-shutdown'], |
| 615 | options, |
| 616 | ); |
| 617 | if (needsWine(command)) { |
| 618 | logger.debug('WINE execution via firejail', {command, args}); |
| 619 | options.env = applyWineEnv(options.env || {}); |
| 620 | args = [command, ...args]; |
| 621 | command = execProps<string>('wine'); |
| 622 | baseOptions.push('--profile=' + getFirejailProfileFilePath('wine'), `--join=${wineSandboxName}`); |
| 623 | delete options.customCwd; |
| 624 | baseOptions.push(command); |
| 625 | await wineInitPromise; |
| 626 | return await executeDirect(firejail, baseOptions.concat(args), options); |
| 627 | } |
| 628 | |
| 629 | logger.debug('Regular execution via firejail', {command, args}); |
| 630 | baseOptions.push('--profile=' + getFirejailProfileFilePath('execute')); |
| 631 | |
| 632 | if (options.ldPath) { |
| 633 | baseOptions.push(`--env=LD_LIBRARY_PATH=${options.ldPath.join(path.delimiter)}`); |
| 634 | delete options.ldPath; |
| 635 | } |
| 636 | |
| 637 | let filenameTransform: FilenameTransformFunc | undefined; |
| 638 | if (options.customCwd) { |
| 639 | baseOptions.push(`--private=${options.customCwd}`); |
| 640 | const replacement = options.customCwd; |
| 641 | filenameTransform = opt => opt.replace(replacement, '.'); |
| 642 | args = args.map(filenameTransform); |
| 643 | delete options.customCwd; |
| 644 | // TODO: once it's supported properly in our patched firejail, make this option common to both customCwd and |
| 645 | // non-customCwd code paths. |
| 646 | baseOptions.push('--private-cwd'); |
| 647 | } else { |
| 648 | baseOptions.push('--private'); |
| 649 | } |
| 650 | baseOptions.push(command); |
| 651 | return await executeDirect(firejail, baseOptions.concat(args), options, filenameTransform); |
| 652 | } |
| 653 | |
| 654 | async function executeNone(command: string, args: string[], options: ExecutionOptions) { |
| 655 | if (needsWine(command)) { |
no test coverage detected