Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

isolate binaries to only those specified in the job #61

Open
BrianHicks opened this issue Sep 23, 2022 · 0 comments
Open

isolate binaries to only those specified in the job #61

BrianHicks opened this issue Sep 23, 2022 · 0 comments
Labels
isolation
Milestone
initial build

Comments

@BrianHicks
Copy link
Member

BrianHicks commented Sep 23, 2022
edited
Loading

We currently fudge a little with systemTool: we assume the tool is in PATH, but we don't check at all and also don't prevent it from running anything else by name in PATH.

Implementation idea: look up the binary in PATH, then symlink the binary location to some discrete bin directory that the job has access to. Takes a little more work but isolates more and lets us give better error messages for missing binaries.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
isolation
Projects
rbt
Status: Todo
Milestone
initial build
Development

No branches or pull requests
1 participant
@BrianHicks