branch: elpa-admin commit 0783750952cbb2488cef1c5afeee539484a09d65 Author: Stefan Monnier <monn...@iro.umontreal.ca> Commit: Stefan Monnier <monn...@iro.umontreal.ca>
* elpa-admin.el (elpaa--sandbox-extra-ro-dirs): New var (elpaa-read-config): Initialize it. (elpaa--call-sandboxed): Use it. (elpaa--sandbox-ro-binds): Rename from `elpaa--sandboxed-ro-binds`.
---
 elpa-admin.el | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/elpa-admin.el b/elpa-admin.el
index 48fc5de..7f1a116 100644
--- a/elpa-admin.el
+++ b/elpa-admin.el
@@ -53,6 +53,8 @@
 (defvar elpaa--email-from nil) ;;"ELPA update <do.not.re...@elpa.gnu.org>"
 (defvar elpaa--email-reply-to nil)
+(defvar elpaa--sandbox-extra-ro-dirs nil)
+
 (defvar elpaa--sandbox t
 "If non-nil, run some of the less trusted commands in a sandbox.
 This is recommended when building packages from untrusted sources,
@@ -86,6 +88,7 @@ on some Debian systems.")
 ('email-from elpaa--email-from)
 ('email-reply-to elpaa--email-reply-to)
 ('sandbox elpaa--sandbox)
+ ('sandbox-extra-ro-dirs elpaa--sandbox-extra-ro-dirs)
 ('debug elpaa--debug))
 val))))
@@ -718,7 +721,7 @@ The INFILE and DISPLAY arguments are fixed as nil."
 "--proc" "/proc"
 "--tmpfs" "/tmp"))
-(defvar elpaa--sandboxed-ro-binds
+(defvar elpaa--sandbox-ro-binds
 '("/lib" "/lib64" "/bin" "/usr" "/etc/alternatives" "/etc/emacs"))
 (defun elpaa--call-sandboxed (destination &rest args)
@@ -732,7 +735,8 @@ Signal an error if the command did not finish with exit code 0."
 (let ((dd (expand-file-name default-directory))) ;No `~' allowed!
 (setq args (nconc `("--bind" ,dd ,dd) args)))
 ;; Add read-only dirs in reverse order.
- (dolist (b elpaa--sandboxed-ro-binds)
+ (dolist (b (append elpaa--sandbox-ro-binds
+ elpaa--sandbox-extra-ro-dirs))
 (when (file-exists-p b) ;`brwap' burps on binds that don't exist!
 (setq b (expand-file-name b))
 (setq args (nconc `("--ro-bind" ,b ,b) args))))
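Review bot: The new `(defvar elpaa--sandbox-extra-ro-dirs nil)` in the first hunk (@@ -53) has no docstring, unlike `elpaa--sandbox` directly below it, so nothing tells an operator that every directory listed becomes readable by the less trusted commands run inside the sandbox. I would write it as `(defvar elpaa--sandbox-extra-ro-dirs nil "List of extra directories to bind read-only inside the sandbox.")` and extend the docstring to say that the value is set from the `sandbox-extra-ro-dirs` config entry added in the `elpaa-read-config` hunk (@@ -86). It is also worth stating there that a read-only bind still exposes the directory's contents to the package build, so the list should hold only data the build is meant to see.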
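Review bot: In the `dolist` of the `elpaa--call-sandboxed` hunk (@@ -732), the configured entries are tested with `file-exists-p` and expanded with `expand-file-name` against the current `default-directory`, which the callers in the later hunks rebind to the package directory, so a relative entry in `sandbox-extra-ro-dirs` would resolve to a different path for each package. The built-in `elpaa--sandbox-ro-binds` list holds only absolute paths, so this only matters now that the list is configurable; I would guard it with `(when (and (file-name-absolute-p b) (file-exists-p b))`. A configured directory that does not exist is also skipped silently by that same test, and the config value is appended without checking that it is a list of strings, so a typo in the config presumably surfaces only as a missing bind or an error at build time. The body of `elpaa--call-sandboxed` starts and ends outside the hunk.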
@@ -1589,8 +1593,8 @@ More at " (elpaa--default-url pkgname))
 (elpaa--build-Info-1 f dir))))
 (defun elpaa--build-Info-1 (docfile dir)
- (let* ((elpaa--sandboxed-ro-binds
- (cons default-directory elpaa--sandboxed-ro-binds))
+ (let* ((elpaa--sandbox-ro-binds
+ (cons default-directory elpaa--sandbox-ro-binds))
 (default-directory (elpaa--dirname dir))
 (tmpfiles '()))
 (when (and docfile (file-readable-p docfile)
@@ -1657,8 +1661,8 @@ More at " (elpaa--default-url pkgname))
 (cmd (elpaa--spec-get pkg-spec :shell-command)))
 (when (or cmd target)
 (with-temp-buffer
- (let ((elpaa--sandboxed-ro-binds
- (cons default-directory elpaa--sandboxed-ro-binds))
+ (let ((elpaa--sandbox-ro-binds
+ (cons default-directory elpaa--sandbox-ro-binds))
 (default-directory (elpaa--dirname dir)))
 (when cmd
 (elpaa--call-sandboxed t shell-file-name