path: root/about/what-is.mdwn
diff options
author <Richard_Maw@web>2017-02-12 14:39:37 +0000
committerDaniel Silverstone <>2017-02-12 14:39:37 +0000
commitc2d5beef022e84817e8987dd43b2bbe24adb9ac0 (patch)
tree03d268925084fbca925d05be269dce7d71a94c71 /about/what-is.mdwn
parentfe8ea01ea1e1e4f91fb8b8d6b0fe41cf11e19afc (diff)
Describe sandboxing
Diffstat (limited to 'about/what-is.mdwn')
1 files changed, 10 insertions, 0 deletions
diff --git a/about/what-is.mdwn b/about/what-is.mdwn
index e1fa5c9..5d6648e 100644
--- a/about/what-is.mdwn
+++ b/about/what-is.mdwn
@@ -29,9 +29,19 @@ Gitano implements the git interface by generating `git-daemon-export-ok` files f
# Access rules defined as customisable ACLs
All Gitano commands consult ACLs written in [lace][] to determine whether the operation is permitted.
+Existing git operations have ACLs applied by a hook installed by Gitano.
This allows a Gitano administrator to define rules that permit delegation of roles to different users,
and if those roles are defined by group membership and the ability to add a user to a group is delegated
then the permission to grant permissions can also be delegated.
+# Maximally sandboxed hooks run in Lua
+In addition to installing hooks to provide ACL checking for git operations,
+these hooks will also run hooks written in Lua in a [supple][] sandbox,
+so it's safe to run semi-trusted code contributed by users
+for purposes such as notifying web services of a repository update.