codelayer/bubblewrap

Sandbox console commands using bubblewrap

Maintainers

Details

github.com/codelayerhq/bubblewrap-php

Source

Issues

Installs: 180

Dependents: 0

Suggesters: 0

Security: 0

Stars: 4

Watchers: 5

Forks: 0

Open Issues: 0

v1.5.0 2022-06-22 13:16 UTC

Requires

Requires (Dev)

MIT defc41aa00bc2449dc52938cf8900e73750dd449

  • Martin Wagner <martin.woop@codelayer.de>

This package is auto-updated.

Last update: 2024-04-22 17:08:13 UTC

README

License: MIT Packagist Version

A PHP wrapper class for the bubblewrap cli tool. Can be used to execute external commands like imagemagick or ghostscript in a separated environment as a protection against possible security issues.

Installation

The package can be installed using composer:

$ composer require codelayer/bubblewrap

Usage

At the moment most commands that don't take a file descriptor as argument are implemented. This snippet shows how the example from the bubblewrap readme looks in PHP:

$bwrap = new \Codelayer\Bubblewrap\Bubblewrap();

$bwrap
    ->readOnlyBind('/usr') // If src equals dest only one parameter is required for bind commands
    ->symlink('usr/lib64', '/lib')
    ->proc() // /proc is used as default location for procfs
    ->dev()  // /dev  is used as default location for devtmpfs
    ->unsharePid()
    ->exec(['bash']);

Exec returns a Symfony Process object.

Additional methods

Two additional methods are available to modify how bubblewrap is called:

  • setBinary($binary) sets the location of the bwrap binary
  • clearEnv() prepends env -i to the bwrap calls and unsets all environment variables
  • getCommand($cmd) show the full command that exec($cmd) would execute

License

This package is licensed under the MIT License. For more information see the LICENSE file.

About us

codelayer is a software company from Karlsruhe, Germany which specializes in web application development.
For more information about codelayer, visit our website at codelayer.de.