Sandbox

Element plugins which want to interface with the sandbox need only understand this interface, while it may be given a different sandbox implementation, any sandbox implementation it is given will conform to this interface.

class SandboxFlags

Bases: object

Flags indicating how the sandbox should be run.

ROOT_READ_ONLY = 1

The root filesystem is read only.

This is normally true except when running integration commands on staged dependencies, where we have to update caches and run things such as ldconfig.

NETWORK_ENABLED = 2

Whether to expose host network.

This should not be set when running builds, but can be allowed for running a shell in a sandbox.

INTERACTIVE = 4

Whether to run the sandbox interactively

This determines if the sandbox should attempt to connect the terminal through to the calling process, or detach the terminal entirely.

class Sandbox

Bases: object

Sandbox programming interface for Element plugins.

DEVICES = ['/dev/urandom', '/dev/random', '/dev/zero', '/dev/null']
get_directory()

Fetches the sandbox root directory

The root directory is where artifacts for the base runtime environment should be staged.

Returns:The sandbox root directory
Return type:(str)
set_environment(environment)

Sets the environment variables for the sandbox

Parameters:directory (dict) – The environment variables to use in the sandbox
set_work_directory(directory)

Sets the work directory for commands run in the sandbox

Parameters:directory (str) – An absolute path within the sandbox
mark_directory(directory, *, artifact=False)

Marks a sandbox directory and ensures it will exist

Parameters:
  • directory (str) – An absolute path within the sandbox to mark
  • artifact (bool) – Whether the content staged at this location contains artifacts

Note

Any marked directories will be read-write in the sandboxed environment, only the root directory is allowed to be readonly.

run(command, flags, *, cwd=None, env=None)

Run a command in the sandbox.

Parameters:
  • command (list) – The command to run in the sandboxed environment, as a list of strings starting with the binary to run.
  • flags (SandboxFlags) – The flags for running this command.
  • cwd (str) – The sandbox relative working directory in which to run the command.
  • env (dict) – A dictionary of string key, value pairs to set as environment variables inside the sandbox environment.
Returns:

The program exit code.
Return type:

(int)
Raises:

(ProgramNotFoundError) – If a host tool which the given sandbox implementation requires is not found.

Note

The optional cwd argument will default to the value set with set_work_directory()