Permission Model constraints

There are constraints you need to know before using this system:

  • The model is not inherited by a child node process or a worker thread.

  • When using the Permission Model, the following features will be restricted:

    • Native modules

    • Child process

    • Worker Threads

    • Inspector protocol

    • File system access

    • WASI

  • The Permission Model is initialized after the Node.js environment is set up. However, certain flags such as --env-file or --openssl-config are designed to read files before environment initialization. As a result, such flags are not subject to the rules of the Permission Model. The same applies to V8 flags that can be set at runtime through v8.setFlagsFromString.

  • OpenSSL engines cannot be requested at runtime when the Permission Model is enabled, affecting the built-in crypto, https, and tls modules.

  • Run-Time Loadable Extensions cannot be loaded when the Permission Model is enabled, affecting the sqlite module.

  • Using existing file descriptors via the node:fs module bypasses the Permission Model.