Shellbox/ja



Shellbox is a library for command execution, and also a server and client for remote command execution. It was primarily implemented to sandbox LilyPond (used by the Score extension) and provide a way for MediaWiki to utilize external binaries without needing to run them in the same container. It was designed and approved via RFC: PHP microservice for containerized shell execution. Shellbox is usable starting with.

Information about using Shellbox in MediaWiki is available at.

Server setup
It is recommended that you set up Shellbox to run as an unprivileged user inside an isolated container with no external network access. Wikimedia uses Kubernetes for this purpose and has a Helm chart that may be reusable.

The following packages should be installed inside the container: Apache2, PHP-FPM, and whatever commands you need to shell out to (e.g. ,  , etc.).

In the following examples we use  as the container internal hostname.


 * Get the Shellbox source and its dependencies:
 * Create an unprivileged user for Shellbox:
 * Create a temporary work directory for Shellbox:
 * Create the Shellbox configuration file referencing that temporary work directory :
 * Generate a secret key; it is strongly recommended to use a 128-bit minimal strength, so here we use 16 random bytes formatted into an hexadecimal string:
 * Create the Apache configuration, and paste the secret key inside :
 * Protect the Apache configuration file against unprivileged reads of the secret key and unprivileged modifications, by any other system user or group than those configured to run Apache itself on the server:
 * Create the PHP-FPM pool configuration. When configured in this way, Shellbox does not have permission to connect to the PHP-FPM socket:

Pre-built containers
Wikimedia has pre-built containers that contain Shellbox, it's dependencies, and PHP-FPM:


 * Wikimedia Docker registry for Shellbox containers

These images currently have no stability guarantee/versioning (help wanted on figuring this out).

Routes
Shellbox exposes a  route for manual and automated health checks. It also has a PHP-RPC interface for executing sandboxed PHP code.