diff options
-rw-r--r-- | app/notification.go | 2 | ||||
-rw-r--r-- | cmd/commands/user.go | 4 | ||||
-rw-r--r-- | plugin/rpcplugin/sandbox/sandbox_linux.go | 49 |
3 files changed, 31 insertions, 24 deletions
diff --git a/app/notification.go b/app/notification.go index 8cb63fbaf..9a8096bbf 100644 --- a/app/notification.go +++ b/app/notification.go @@ -89,7 +89,7 @@ func (a *App) SendNotifications(post *model.Post, team *model.Team, channel *mod delete(mentionedUserIds, post.UserId) } - if len(m.OtherPotentialMentions) > 0 { + if len(m.OtherPotentialMentions) > 0 && !post.IsSystemMessage() { if result := <-a.Srv.Store.User().GetProfilesByUsernames(m.OtherPotentialMentions, team.Id); result.Err == nil { outOfChannelMentions := result.Data.([]*model.User) if channel.Type != model.CHANNEL_GROUP { diff --git a/cmd/commands/user.go b/cmd/commands/user.go index a8b7341b2..fe4d34a48 100644 --- a/cmd/commands/user.go +++ b/cmd/commands/user.go @@ -553,7 +553,7 @@ func migrateAuthToLdapCmdF(command *cobra.Command, args []string) error { } fromAuth := args[0] - matchField := args[1] + matchField := args[2] if len(fromAuth) == 0 || (fromAuth != "email" && fromAuth != "gitlab" && fromAuth != "saml") { return errors.New("Invalid from_auth argument") @@ -594,7 +594,7 @@ func migrateAuthToSamlCmdF(command *cobra.Command, args []string) error { matchesFile := "" matches := map[string]string{} if !autoFlag { - matchesFile = args[1] + matchesFile = args[2] file, e := ioutil.ReadFile(matchesFile) if e != nil { diff --git a/plugin/rpcplugin/sandbox/sandbox_linux.go b/plugin/rpcplugin/sandbox/sandbox_linux.go index 4ade00cf2..beb00995d 100644 --- a/plugin/rpcplugin/sandbox/sandbox_linux.go +++ b/plugin/rpcplugin/sandbox/sandbox_linux.go @@ -23,7 +23,7 @@ import ( ) func init() { - if len(os.Args) < 3 || os.Args[0] != "sandbox.runProcess" { + if len(os.Args) < 4 || os.Args[0] != "sandbox.runProcess" { return } @@ -32,7 +32,7 @@ func init() { fmt.Println(err.Error()) os.Exit(1) } - if err := runProcess(&config, os.Args[2]); err != nil { + if err := runProcess(&config, os.Args[2], os.Args[3]); err != nil { if eerr, ok := err.(*exec.ExitError); ok { if status, ok := eerr.Sys().(syscall.WaitStatus); ok { os.Exit(status.ExitStatus()) @@ -98,13 +98,7 @@ func systemMountPoints() (points []*MountPoint) { return } -func runProcess(config *Configuration, path string) error { - root, err := ioutil.TempDir("", "") - if err != nil { - return err - } - defer os.RemoveAll(root) - +func runProcess(config *Configuration, path, root string) error { if err := syscall.Mount("", "/", "", syscall.MS_PRIVATE|syscall.MS_REC, ""); err != nil { return errors.Wrapf(err, "unable to make root private") } @@ -330,9 +324,10 @@ func runExecutable(path string) error { type process struct { command *exec.Cmd + root string } -func newProcess(ctx context.Context, config *Configuration, path string) (rpcplugin.Process, io.ReadWriteCloser, error) { +func newProcess(ctx context.Context, config *Configuration, path string) (pOut rpcplugin.Process, rwcOut io.ReadWriteCloser, errOut error) { configJSON, err := json.Marshal(config) if err != nil { return nil, nil, err @@ -345,8 +340,18 @@ func newProcess(ctx context.Context, config *Configuration, path string) (rpcplu defer childFiles[0].Close() defer childFiles[1].Close() + root, err := ioutil.TempDir("", "") + if err != nil { + return nil, nil, err + } + defer func() { + if errOut != nil { + os.RemoveAll(root) + } + }() + cmd := exec.CommandContext(ctx, "/proc/self/exe") - cmd.Args = []string{"sandbox.runProcess", string(configJSON), path} + cmd.Args = []string{"sandbox.runProcess", string(configJSON), path, root} cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr cmd.ExtraFiles = childFiles @@ -378,19 +383,21 @@ func newProcess(ctx context.Context, config *Configuration, path string) (rpcplu return &process{ command: cmd, + root: root, }, ipc, nil } func (p *process) Wait() error { + defer os.RemoveAll(p.root) return p.command.Wait() } func init() { - if len(os.Args) < 1 || os.Args[0] != "sandbox.checkSupportInNamespace" { + if len(os.Args) < 2 || os.Args[0] != "sandbox.checkSupportInNamespace" { return } - if err := checkSupportInNamespace(); err != nil { + if err := checkSupportInNamespace(os.Args[1]); err != nil { fmt.Fprintf(os.Stderr, "%v", err.Error()) os.Exit(1) } @@ -398,13 +405,7 @@ func init() { os.Exit(0) } -func checkSupportInNamespace() error { - root, err := ioutil.TempDir("", "") - if err != nil { - return err - } - defer os.RemoveAll(root) - +func checkSupportInNamespace(root string) error { if err := syscall.Mount("", "/", "", syscall.MS_PRIVATE|syscall.MS_REC, ""); err != nil { return errors.Wrapf(err, "unable to make root private") } @@ -444,8 +445,14 @@ func checkSupport() error { stderr := &bytes.Buffer{} + root, err := ioutil.TempDir("", "") + if err != nil { + return err + } + defer os.RemoveAll(root) + cmd := exec.Command("/proc/self/exe") - cmd.Args = []string{"sandbox.checkSupportInNamespace"} + cmd.Args = []string{"sandbox.checkSupportInNamespace", root} cmd.Stderr = stderr cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWPID | syscall.CLONE_NEWUSER, |