Debug some horrifying permission errors

Radon Rosborough 2021-08-12 19:15:27 -07:00
parent a9c61d2de4
commit 15e5f5cff8
7 changed files with 52 additions and 18 deletions


@ -88,16 +88,16 @@ shell: # I=<shell> [L=<lang>] [E[E]=1] [P1|P2=<port>] [CMD="<arg>..."] : Launch
@: $${I}
ifneq (,$(filter $(I),admin ci))
@mkdir -p $(HOME)/.aws $(HOME)/.docker $(HOME)/.ssh $(HOME)/.terraform.d
docker run $(IT_ARG) --rm --hostname $(I) -v $(VOLUME_MOUNT):/src -v /var/run/riju:/var/run/riju -v /var/run/docker.sock:/var/run/docker.sock -v $(HOME)/.aws:/var/run/riju/.aws -v $(HOME)/.docker:/var/run/riju/.docker -v $(HOME)/.ssh:/var/run/riju/.ssh -v $(HOME)/.terraform.d:/var/run/riju/.terraform.d -e NI -e AWS_REGION -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e DOCKER_REPO -e PUBLIC_DOCKER_REPO -e S3_BUCKET -e DOMAIN -e VOLUME_MOUNT=$(VOLUME_MOUNT) $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) --network host riju:$(I) $(BASH_CMD)
docker run $(IT_ARG) --rm --hostname $(I) -v $(VOLUME_MOUNT):/src -v /var/cache/riju:/var/cache/riju -v /var/run/docker.sock:/var/run/docker.sock -v $(HOME)/.aws:/var/cache/riju/.aws -v $(HOME)/.docker:/var/cache/riju/.docker -v $(HOME)/.ssh:/var/cache/riju/.ssh -v $(HOME)/.terraform.d:/var/cache/riju/.terraform.d -e NI -e AWS_REGION -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e DOCKER_REPO -e PUBLIC_DOCKER_REPO -e S3_BUCKET -e DOMAIN -e VOLUME_MOUNT=$(VOLUME_MOUNT) $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) --network host riju:$(I) $(BASH_CMD)
else ifeq ($(I),app)
docker run $(IT_ARG) --rm --hostname $(I) -v /var/run/riju:/var/run/riju -v /var/run/docker.sock:/var/run/docker.sock $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) riju:$(I) $(BASH_CMD)
docker run $(IT_ARG) --rm --hostname $(I) -v /var/cache/riju:/var/cache/riju -v /var/run/docker.sock:/var/run/docker.sock $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) riju:$(I) $(BASH_CMD)
else ifneq (,$(filter $(I),base lang))
ifeq ($(I),lang)
@: $${L}
endif
docker run $(IT_ARG) --rm --hostname $(LANG_TAG) -v $(VOLUME_MOUNT):/src $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) riju:$(LANG_TAG) $(BASH_CMD)
else ifeq ($(I),runtime)
docker run $(IT_ARG) --rm --hostname $(I) -v $(VOLUME_MOUNT):/src -v /var/run/riju:/var/run/riju -v /var/run/docker.sock:/var/run/docker.sock $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) riju:$(I) $(BASH_CMD)
docker run $(IT_ARG) --rm --hostname $(I) -v $(VOLUME_MOUNT):/src -v /var/cache/riju:/var/cache/riju -v /var/run/docker.sock:/var/run/docker.sock $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) riju:$(I) $(BASH_CMD)
else
docker run $(IT_ARG) --rm --hostname $(I) -v $(VOLUME_MOUNT):/src $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) riju:$(I) $(BASH_CMD)
endif
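Review bot: The bind-mount path `/var/cache/riju` is now repeated as a literal in the admin/ci, app and runtime `docker run` recipes, and the scripts and C/Go sources changed by this commit hard-code the same string, so a later move has to be made identically in every place. Consider one make variable, e.g. `RIJU_CACHE_DIR := /var/cache/riju`, used as `-v $(RIJU_CACHE_DIR):$(RIJU_CACHE_DIR)`, with a comment above it recording why the directory lives under /var/cache rather than /var/run. Since /var/run is commonly a tmpfs that is emptied at boot while /var/cache persists, anything created under the new path probably needs explicit cleanup; no cleanup is visible on this page.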


@ -37,6 +37,7 @@ clang
clang-format
dctrl-tools
docker-ce-cli
file
g++
git
golang


@ -7,10 +7,10 @@ tee -a /etc/hosts >/dev/null <<< "127.0.0.1 $(hostname)"
groupadd -g "$(stat -c %g "$PWD")" -o -p '!' -r riju
useradd -u "$(stat -c %u "$PWD")" -g "$(stat -c %g "$PWD")" -o -p '!' -m -N -l -s /usr/bin/bash -G sudo riju
runuser -u riju -- ln -sT /var/run/riju/.aws /home/riju/.aws
runuser -u riju -- ln -sT /var/run/riju/.docker /home/riju/.docker
runuser -u riju -- ln -sT /var/run/riju/.ssh /home/riju/.ssh
runuser -u riju -- ln -sT /var/run/riju/.terraform.d /home/riju/.terraform.d
runuser -u riju -- ln -sT /var/cache/riju/.aws /home/riju/.aws
runuser -u riju -- ln -sT /var/cache/riju/.docker /home/riju/.docker
runuser -u riju -- ln -sT /var/cache/riju/.ssh /home/riju/.ssh
runuser -u riju -- ln -sT /var/cache/riju/.terraform.d /home/riju/.terraform.d
runuser -u riju -- touch /home/riju/.sudo_as_admin_successful
runuser -u riju -- tee -a /home/riju/.bashrc >/dev/null <<"EOF"


@ -344,7 +344,7 @@ func (sv *supervisor) reload() error {
sv.status("starting container " + name)
dockerRun := exec.Command(
"docker", "run", "-d",
"-v", "/var/run/riju:/var/run/riju",
"-v", "/var/cache/riju:/var/cache/riju",
"-v", "/var/run/docker.sock:/var/run/docker.sock",
"-p", fmt.Sprintf("127.0.0.1:%d:6119", port),
"-e", "FATHOM_SITE_ID",


@ -10,13 +10,16 @@ while read -t2 -a cmd; do
if (( "${#cmd[@]}" < 3 )); then
echo >&2 "usage: (exec|pty) UUID ARG..."
else
if [[ "${cmd[0]}" == pty ]]; then
maybe_pty=/var/cache/riju/share/riju-pty
fi
uuid="${cmd[1]}"
args=("${cmd[@]:2}")
echo >&2 "${cmd[0]} ${args[0]} with UUID ${uuid}"
input="/var/run/riju/share/cmd-${uuid}-input"
output="/var/run/riju/share/cmd-${uuid}-output"
input="/var/cache/riju/share/cmd-${uuid}-input"
output="/var/cache/riju/share/cmd-${uuid}-output"
mkfifo "${input}" "${output}"
runuser -u riju -- bash -c 'exec "$@"' sentinel "${args[@]}" < "${input}" &> "${output}" &
${maybe_pty:-} runuser -u riju -- bash -c 'exec "$@"' sentinel "${args[@]}" < "${input}" &> "${output}" &
fi
;;
*)
@ -24,4 +27,4 @@ while read -t2 -a cmd; do
;;
esac
fi
done < /var/run/riju/share/control
done < /var/cache/riju/share/control
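Review bot: `maybe_pty` is assigned when `cmd[0]` is `pty` but is never cleared, so unless it is reset earlier in the loop body outside this hunk, every `exec` request read after the first `pty` request on the same control FIFO is also launched through riju-pty. Reset it per request, e.g. `maybe_pty=` immediately before the `if [[ "${cmd[0]}" == pty ]]; then` test. The unquoted `${maybe_pty:-}` expansion also depends on the path never containing whitespace; a comment saying so, or an array expanded as `"${maybe_pty[@]}"`, would make that explicit. The `while` loop begins before the first hunk.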


@ -119,6 +119,8 @@ int main(int argc, char **argv)
ptr += len_written;
}
}
if (len < 0)
die("read failed");
} else {
if (setvbuf(stdout, NULL, _IONBF, 0) != 0)
die("setvbuf failed");
@ -129,6 +131,8 @@ int main(int argc, char **argv)
if (feof(stdout))
break;
}
if (len < 0)
die("read failed");
}
return 0;
}
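Review bot: The two new `if (len < 0) die("read failed");` checks treat every failed read() as fatal. If either loop reads from the pty master (the descriptors are not visible in these hunks), Linux returns -1 with errno EIO once the child has closed the slave side, so an ordinary end of session would be reported as a failure. Consider `if (len < 0 && errno != EIO) die("read failed");` on the loop that reads the pty, with a one-line comment explaining the exception. Both loops sit inside main, which starts before the first hunk.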


@ -134,7 +134,7 @@ void wait_alarm(int signum)
void session(char *uuid, char *lang, char *imageHash)
{
char *image, *container, *hostname, *share, *volume, *fifo;
char *image, *container, *hostname, *share, *volume, *fifo, *rijuPtyPath;
if ((imageHash != NULL ? asprintf(&image, "riju:lang-%s-%s", lang, imageHash)
: asprintf(&image, "riju:lang-%s", lang)) < 0)
die("asprintf failed");
@ -142,15 +142,41 @@ void session(char *uuid, char *lang, char *imageHash)
die("asprintf failed");
if (asprintf(&hostname, "HOSTNAME=%s", lang) < 0)
die("asprintf failed");
if (asprintf(&share, "/var/run/riju/shares/%s", uuid) < 0)
if (asprintf(&share, "/var/cache/riju/shares/%s", uuid) < 0)
die("asprintf failed");
int rv = mkdir("/var/run/riju/shares", 0700);
int rv = mkdir("/var/cache/riju/shares", 0700);
if (rv < 0 && errno != EEXIST)
die("mkdir failed");
rv = mkdir(share, 0700);
if (rv < 0 && errno != EEXIST)
if (rv < 0)
die("mkdir failed");
if (asprintf(&volume, "%s:/var/run/riju/share", share) < 0)
if (asprintf(&rijuPtyPath, "%s/riju-pty", share) < 0)
die("asprintf failed");
int fdFrom = open("/src/system/out/riju-pty", O_RDONLY);
if (fdFrom < 0)
die("open failed");
int fdTo = open(rijuPtyPath, O_WRONLY | O_CREAT | O_EXCL, 0700);
if (fdTo < 0)
die("open failed");
char buf[1024];
int len, len_written;
while ((len = read(fdFrom, buf, 1024)) > 0) {
char *ptr = buf;
while (len > 0) {
len_written = write(fdTo, ptr, len);
if (len_written < 0)
die("write failed");
len -= len_written;
ptr += len_written;
}
}
if (close(fdFrom) < 0)
die("close failed");
if (close(fdTo) < 0)
die("close failed");
if (len < 0)
die("read failed");
if (asprintf(&volume, "%s:/var/cache/riju/share", share) < 0)
die("asprintf failed");
if (asprintf(&fifo, "%s/control", share) < 0)
die("asprintf failed");
@ -261,7 +287,7 @@ void exec(char *uuid, int argc, char **cmdline, bool pty)
if (setvbuf(stdout, NULL, _IONBF, 0) != 0)
die("setvbuf failed");
char *share, *ctlFIFO, *inputFIFO, *outputFIFO, *ctlCmd, *dataFIFO;
if (asprintf(&share, "/var/run/riju/shares/%s", uuid) < 0)
if (asprintf(&share, "/var/cache/riju/shares/%s", uuid) < 0)
die("asprintf failed");
if (asprintf(&ctlFIFO, "%s/control", share) < 0)
die("asprintf failed");
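Review bot: In session(), the read-error check `if (len < 0) die("read failed");` runs only after both close() calls, so if die() reports errno (its definition is not visible here), the value set by the failing read() can be overwritten before it is printed. Move the check to directly after the copy loop, before `close(fdFrom)`. This hunk also now creates an executable file at `%s/riju-pty` under a path built from `uuid`, so it is worth confirming that the caller rejects values containing `/` or `..`; no such validation appears in the visible lines. A short comment above the copy loop saying why the binary is copied into each share would help the next reader. session() continues past the end of the hunk.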