nodejs
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

test: clarify fork inherit permission flags 

This commit updates the documentation and includes
a test to ensure that permission model flags
will be passed to the child process if `fork`
is called

PR-URL: https://github.com/nodejs/node/pull/56523
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit is contained in:
Rafael Gonzaga 2025-01-11 18:11:16 -03:00 committed by GitHub
parent 7154b321de
commit 808e6b36a3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
doc/api/cli.md
View File

@ -174,19 +174,18 @@ node:internal/child_process:388
^ ^
Error: Access to this API has been restricted Error: Access to this API has been restricted
at ChildProcess.spawn (node:internal/child_process:388:28) at ChildProcess.spawn (node:internal/child_process:388:28)
at Object.spawn (node:child_process:723:9)
at Object.<anonymous> (/home/index.js:3:14)
at Module._compile (node:internal/modules/cjs/loader:1120:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1174:10)
at Module.load (node:internal/modules/cjs/loader:998:32)
at Module._load (node:internal/modules/cjs/loader:839:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12)
at node:internal/main/run_main_module:17:47 { at node:internal/main/run_main_module:17:47 {
code: 'ERR_ACCESS_DENIED', code: 'ERR_ACCESS_DENIED',
permission: 'ChildProcess' permission: 'ChildProcess'
} }
``` ```
Unlike `child_process.spawn`, the `child_process.fork` API copies the execution
arguments from the parent process. This means that if you start Node.js with the
Permission Model enabled and include the `--allow-child-process` flag, calling
`child_process.fork()` will propagate all Permission Model flags to the child
process.
### `--allow-fs-read` ### `--allow-fs-read`
<!-- YAML <!-- YAML

10
test/parallel/test-permission-allow-child-process-cli.js
View File

@ -5,8 +5,15 @@ const common = require('../common');
common.skipIfWorker(); common.skipIfWorker();
const assert = require('assert'); const assert = require('assert');
const childProcess = require('child_process'); const childProcess = require('child_process');
const fs = require('fs');
if (process.argv[2] === 'child') { if (process.argv[2] === 'child') {
assert.throws(() => {
fs.writeFileSync(__filename, 'should not write');
}, common.expectsError({
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemWrite',
}));
process.exit(0); process.exit(0);
} }
@ -21,6 +28,7 @@ if (process.argv[2] === 'child') {
// doesNotThrow // doesNotThrow
childProcess.spawnSync(process.execPath, ['--version']); childProcess.spawnSync(process.execPath, ['--version']);
childProcess.execSync(...common.escapePOSIXShell`"${process.execPath}" --version`); childProcess.execSync(...common.escapePOSIXShell`"${process.execPath}" --version`);
childProcess.fork(__filename, ['child']); const child = childProcess.fork(__filename, ['child']);
child.on('close', common.mustCall());
childProcess.execFileSync(process.execPath, ['--version']); childProcess.execFileSync(process.execPath, ['--version']);
} }