Debug some horrifying permission errors
parent
a9c61d2de4
commit
15e5f5cff8
6
Makefile
6
Makefile
|
@ -88,16 +88,16 @@ shell: # I=<shell> [L=<lang>] [E[E]=1] [P1|P2=<port>] [CMD="<arg>..."] : Launch
|
||||||
@: $${I}
|
@: $${I}
|
||||||
ifneq (,$(filter $(I),admin ci))
|
ifneq (,$(filter $(I),admin ci))
|
||||||
@mkdir -p $(HOME)/.aws $(HOME)/.docker $(HOME)/.ssh $(HOME)/.terraform.d
|
@mkdir -p $(HOME)/.aws $(HOME)/.docker $(HOME)/.ssh $(HOME)/.terraform.d
|
||||||
docker run $(IT_ARG) --rm --hostname $(I) -v $(VOLUME_MOUNT):/src -v /var/run/riju:/var/run/riju -v /var/run/docker.sock:/var/run/docker.sock -v $(HOME)/.aws:/var/run/riju/.aws -v $(HOME)/.docker:/var/run/riju/.docker -v $(HOME)/.ssh:/var/run/riju/.ssh -v $(HOME)/.terraform.d:/var/run/riju/.terraform.d -e NI -e AWS_REGION -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e DOCKER_REPO -e PUBLIC_DOCKER_REPO -e S3_BUCKET -e DOMAIN -e VOLUME_MOUNT=$(VOLUME_MOUNT) $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) --network host riju:$(I) $(BASH_CMD)
|
docker run $(IT_ARG) --rm --hostname $(I) -v $(VOLUME_MOUNT):/src -v /var/cache/riju:/var/cache/riju -v /var/run/docker.sock:/var/run/docker.sock -v $(HOME)/.aws:/var/cache/riju/.aws -v $(HOME)/.docker:/var/cache/riju/.docker -v $(HOME)/.ssh:/var/cache/riju/.ssh -v $(HOME)/.terraform.d:/var/cache/riju/.terraform.d -e NI -e AWS_REGION -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e DOCKER_REPO -e PUBLIC_DOCKER_REPO -e S3_BUCKET -e DOMAIN -e VOLUME_MOUNT=$(VOLUME_MOUNT) $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) --network host riju:$(I) $(BASH_CMD)
|
||||||
else ifeq ($(I),app)
|
else ifeq ($(I),app)
|
||||||
docker run $(IT_ARG) --rm --hostname $(I) -v /var/run/riju:/var/run/riju -v /var/run/docker.sock:/var/run/docker.sock $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) riju:$(I) $(BASH_CMD)
|
docker run $(IT_ARG) --rm --hostname $(I) -v /var/cache/riju:/var/cache/riju -v /var/run/docker.sock:/var/run/docker.sock $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) riju:$(I) $(BASH_CMD)
|
||||||
else ifneq (,$(filter $(I),base lang))
|
else ifneq (,$(filter $(I),base lang))
|
||||||
ifeq ($(I),lang)
|
ifeq ($(I),lang)
|
||||||
@: $${L}
|
@: $${L}
|
||||||
endif
|
endif
|
||||||
docker run $(IT_ARG) --rm --hostname $(LANG_TAG) -v $(VOLUME_MOUNT):/src $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) riju:$(LANG_TAG) $(BASH_CMD)
|
docker run $(IT_ARG) --rm --hostname $(LANG_TAG) -v $(VOLUME_MOUNT):/src $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) riju:$(LANG_TAG) $(BASH_CMD)
|
||||||
else ifeq ($(I),runtime)
|
else ifeq ($(I),runtime)
|
||||||
docker run $(IT_ARG) --rm --hostname $(I) -v $(VOLUME_MOUNT):/src -v /var/run/riju:/var/run/riju -v /var/run/docker.sock:/var/run/docker.sock $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) riju:$(I) $(BASH_CMD)
|
docker run $(IT_ARG) --rm --hostname $(I) -v $(VOLUME_MOUNT):/src -v /var/cache/riju:/var/cache/riju -v /var/run/docker.sock:/var/run/docker.sock $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) riju:$(I) $(BASH_CMD)
|
||||||
else
|
else
|
||||||
docker run $(IT_ARG) --rm --hostname $(I) -v $(VOLUME_MOUNT):/src $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) riju:$(I) $(BASH_CMD)
|
docker run $(IT_ARG) --rm --hostname $(I) -v $(VOLUME_MOUNT):/src $(SHELL_PORTS) $(SHELL_ENV) $(WITH_IMAGE_HASH) riju:$(I) $(BASH_CMD)
|
||||||
endif
|
endif
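Review bot: The admin/ci, app and runtime `docker run` recipes now bind-mount `/var/cache/riju` from the host, but nothing visible in the rule creates that directory or fixes its owner and mode. When a `-v` source path is missing, Docker creates it owned by root, which is a likely source of the permission errors this commit is chasing; the same mount appears in the `reload()` hunk of the Go supervisor. I would document the precondition above the `shell` rule, e.g. `# Requires /var/cache/riju on the host with the intended owner/mode; docker creates a missing -v source as root`. Separately, the admin/ci branch mounts `$(HOME)/.aws` and `$(HOME)/.ssh` read-write next to `docker.sock`; adding `:ro` to any of them the container only reads would narrow what it can alter. The `shell` rule starts outside the hunk.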
|
||||||
|
|
|
@ -37,6 +37,7 @@ clang
|
||||||
clang-format
|
clang-format
|
||||||
dctrl-tools
|
dctrl-tools
|
||||||
docker-ce-cli
|
docker-ce-cli
|
||||||
|
file
|
||||||
g++
|
g++
|
||||||
git
|
git
|
||||||
golang
|
golang
|
||||||
|
|
|
@ -7,10 +7,10 @@ tee -a /etc/hosts >/dev/null <<< "127.0.0.1 $(hostname)"
|
||||||
groupadd -g "$(stat -c %g "$PWD")" -o -p '!' -r riju
|
groupadd -g "$(stat -c %g "$PWD")" -o -p '!' -r riju
|
||||||
useradd -u "$(stat -c %u "$PWD")" -g "$(stat -c %g "$PWD")" -o -p '!' -m -N -l -s /usr/bin/bash -G sudo riju
|
useradd -u "$(stat -c %u "$PWD")" -g "$(stat -c %g "$PWD")" -o -p '!' -m -N -l -s /usr/bin/bash -G sudo riju
|
||||||
|
|
||||||
runuser -u riju -- ln -sT /var/run/riju/.aws /home/riju/.aws
|
runuser -u riju -- ln -sT /var/cache/riju/.aws /home/riju/.aws
|
||||||
runuser -u riju -- ln -sT /var/run/riju/.docker /home/riju/.docker
|
runuser -u riju -- ln -sT /var/cache/riju/.docker /home/riju/.docker
|
||||||
runuser -u riju -- ln -sT /var/run/riju/.ssh /home/riju/.ssh
|
runuser -u riju -- ln -sT /var/cache/riju/.ssh /home/riju/.ssh
|
||||||
runuser -u riju -- ln -sT /var/run/riju/.terraform.d /home/riju/.terraform.d
|
runuser -u riju -- ln -sT /var/cache/riju/.terraform.d /home/riju/.terraform.d
|
||||||
|
|
||||||
runuser -u riju -- touch /home/riju/.sudo_as_admin_successful
|
runuser -u riju -- touch /home/riju/.sudo_as_admin_successful
|
||||||
runuser -u riju -- tee -a /home/riju/.bashrc >/dev/null <<"EOF"
|
runuser -u riju -- tee -a /home/riju/.bashrc >/dev/null <<"EOF"
|
||||||
|
|
|
@ -344,7 +344,7 @@ func (sv *supervisor) reload() error {
|
||||||
sv.status("starting container " + name)
|
sv.status("starting container " + name)
|
||||||
dockerRun := exec.Command(
|
dockerRun := exec.Command(
|
||||||
"docker", "run", "-d",
|
"docker", "run", "-d",
|
||||||
"-v", "/var/run/riju:/var/run/riju",
|
"-v", "/var/cache/riju:/var/cache/riju",
|
||||||
"-v", "/var/run/docker.sock:/var/run/docker.sock",
|
"-v", "/var/run/docker.sock:/var/run/docker.sock",
|
||||||
"-p", fmt.Sprintf("127.0.0.1:%d:6119", port),
|
"-p", fmt.Sprintf("127.0.0.1:%d:6119", port),
|
||||||
"-e", "FATHOM_SITE_ID",
|
"-e", "FATHOM_SITE_ID",
|
||||||
|
|
|
@ -10,13 +10,16 @@ while read -t2 -a cmd; do
|
||||||
if (( "${#cmd[@]}" < 3 )); then
|
if (( "${#cmd[@]}" < 3 )); then
|
||||||
echo >&2 "usage: (exec|pty) UUID ARG..."
|
echo >&2 "usage: (exec|pty) UUID ARG..."
|
||||||
else
|
else
|
||||||
|
if [[ "${cmd[0]}" == pty ]]; then
|
||||||
|
maybe_pty=/var/cache/riju/share/riju-pty
|
||||||
|
fi
|
||||||
uuid="${cmd[1]}"
|
uuid="${cmd[1]}"
|
||||||
args=("${cmd[@]:2}")
|
args=("${cmd[@]:2}")
|
||||||
echo >&2 "${cmd[0]} ${args[0]} with UUID ${uuid}"
|
echo >&2 "${cmd[0]} ${args[0]} with UUID ${uuid}"
|
||||||
input="/var/run/riju/share/cmd-${uuid}-input"
|
input="/var/cache/riju/share/cmd-${uuid}-input"
|
||||||
output="/var/run/riju/share/cmd-${uuid}-output"
|
output="/var/cache/riju/share/cmd-${uuid}-output"
|
||||||
mkfifo "${input}" "${output}"
|
mkfifo "${input}" "${output}"
|
||||||
runuser -u riju -- bash -c 'exec "$@"' sentinel "${args[@]}" < "${input}" &> "${output}" &
|
${maybe_pty:-} runuser -u riju -- bash -c 'exec "$@"' sentinel "${args[@]}" < "${input}" &> "${output}" &
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
|
@ -24,4 +27,4 @@ while read -t2 -a cmd; do
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
done < /var/run/riju/share/control
|
done < /var/cache/riju/share/control
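Review bot: `maybe_pty` is set when `cmd[0]` is `pty` but is never cleared in the visible lines, so after one `pty` request every later `exec` request read by the same `while read` loop would also be launched through `riju-pty` (unless it is reset outside the hunk). Reset it per command, e.g. `maybe_pty=` immediately before the `if [[ "${cmd[0]}" == pty ]]; then` test. Note also that `${maybe_pty:-}` comes before `runuser`, so the wrapper runs with this script's own privileges rather than as `riju`; a comment such as `# riju-pty runs before runuser drops privileges: the share dir must not be writable by riju` would make that assumption explicit. The enclosing `case` branch starts outside the hunk.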
|
||||||
|
|
|
@ -119,6 +119,8 @@ int main(int argc, char **argv)
|
||||||
ptr += len_written;
|
ptr += len_written;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (len < 0)
|
||||||
|
die("read failed");
|
||||||
} else {
|
} else {
|
||||||
if (setvbuf(stdout, NULL, _IONBF, 0) != 0)
|
if (setvbuf(stdout, NULL, _IONBF, 0) != 0)
|
||||||
die("setvbuf failed");
|
die("setvbuf failed");
|
||||||
|
@ -129,6 +131,8 @@ int main(int argc, char **argv)
|
||||||
if (feof(stdout))
|
if (feof(stdout))
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
if (len < 0)
|
||||||
|
die("read failed");
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
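Review bot: The added `if (len < 0) die("read failed");` after both copy loops treats every negative `read()` result as fatal. The `read()` calls themselves are outside the hunk, so this is conditional: if either loop reads from the pty master, Linux returns `EIO` once the slave side has been closed, which is the ordinary end of a session, and a signal can yield `EINTR`. If that applies here, `if (len < 0 && errno != EIO) die("read failed");` with a comment saying why `EIO` is accepted would keep a normal exit from being reported as a failure.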
|
||||||
|
|
|
@ -134,7 +134,7 @@ void wait_alarm(int signum)
|
||||||
|
|
||||||
void session(char *uuid, char *lang, char *imageHash)
|
void session(char *uuid, char *lang, char *imageHash)
|
||||||
{
|
{
|
||||||
char *image, *container, *hostname, *share, *volume, *fifo;
|
char *image, *container, *hostname, *share, *volume, *fifo, *rijuPtyPath;
|
||||||
if ((imageHash != NULL ? asprintf(&image, "riju:lang-%s-%s", lang, imageHash)
|
if ((imageHash != NULL ? asprintf(&image, "riju:lang-%s-%s", lang, imageHash)
|
||||||
: asprintf(&image, "riju:lang-%s", lang)) < 0)
|
: asprintf(&image, "riju:lang-%s", lang)) < 0)
|
||||||
die("asprintf failed");
|
die("asprintf failed");
|
||||||
|
@ -142,15 +142,41 @@ void session(char *uuid, char *lang, char *imageHash)
|
||||||
die("asprintf failed");
|
die("asprintf failed");
|
||||||
if (asprintf(&hostname, "HOSTNAME=%s", lang) < 0)
|
if (asprintf(&hostname, "HOSTNAME=%s", lang) < 0)
|
||||||
die("asprintf failed");
|
die("asprintf failed");
|
||||||
if (asprintf(&share, "/var/run/riju/shares/%s", uuid) < 0)
|
if (asprintf(&share, "/var/cache/riju/shares/%s", uuid) < 0)
|
||||||
die("asprintf failed");
|
die("asprintf failed");
|
||||||
int rv = mkdir("/var/run/riju/shares", 0700);
|
int rv = mkdir("/var/cache/riju/shares", 0700);
|
||||||
if (rv < 0 && errno != EEXIST)
|
if (rv < 0 && errno != EEXIST)
|
||||||
die("mkdir failed");
|
die("mkdir failed");
|
||||||
rv = mkdir(share, 0700);
|
rv = mkdir(share, 0700);
|
||||||
if (rv < 0 && errno != EEXIST)
|
if (rv < 0)
|
||||||
die("mkdir failed");
|
die("mkdir failed");
|
||||||
if (asprintf(&volume, "%s:/var/run/riju/share", share) < 0)
|
if (asprintf(&rijuPtyPath, "%s/riju-pty", share) < 0)
|
||||||
|
die("asprintf failed");
|
||||||
|
int fdFrom = open("/src/system/out/riju-pty", O_RDONLY);
|
||||||
|
if (fdFrom < 0)
|
||||||
|
die("open failed");
|
||||||
|
int fdTo = open(rijuPtyPath, O_WRONLY | O_CREAT | O_EXCL, 0700);
|
||||||
|
if (fdTo < 0)
|
||||||
|
die("open failed");
|
||||||
|
char buf[1024];
|
||||||
|
int len, len_written;
|
||||||
|
while ((len = read(fdFrom, buf, 1024)) > 0) {
|
||||||
|
char *ptr = buf;
|
||||||
|
while (len > 0) {
|
||||||
|
len_written = write(fdTo, ptr, len);
|
||||||
|
if (len_written < 0)
|
||||||
|
die("write failed");
|
||||||
|
len -= len_written;
|
||||||
|
ptr += len_written;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (close(fdFrom) < 0)
|
||||||
|
die("close failed");
|
||||||
|
if (close(fdTo) < 0)
|
||||||
|
die("close failed");
|
||||||
|
if (len < 0)
|
||||||
|
die("read failed");
|
||||||
|
if (asprintf(&volume, "%s:/var/cache/riju/share", share) < 0)
|
||||||
die("asprintf failed");
|
die("asprintf failed");
|
||||||
if (asprintf(&fifo, "%s/control", share) < 0)
|
if (asprintf(&fifo, "%s/control", share) < 0)
|
||||||
die("asprintf failed");
|
die("asprintf failed");
|
||||||
|
@ -261,7 +287,7 @@ void exec(char *uuid, int argc, char **cmdline, bool pty)
|
||||||
if (setvbuf(stdout, NULL, _IONBF, 0) != 0)
|
if (setvbuf(stdout, NULL, _IONBF, 0) != 0)
|
||||||
die("setvbuf failed");
|
die("setvbuf failed");
|
||||||
char *share, *ctlFIFO, *inputFIFO, *outputFIFO, *ctlCmd, *dataFIFO;
|
char *share, *ctlFIFO, *inputFIFO, *outputFIFO, *ctlCmd, *dataFIFO;
|
||||||
if (asprintf(&share, "/var/run/riju/shares/%s", uuid) < 0)
|
if (asprintf(&share, "/var/cache/riju/shares/%s", uuid) < 0)
|
||||||
die("asprintf failed");
|
die("asprintf failed");
|
||||||
if (asprintf(&ctlFIFO, "%s/control", share) < 0)
|
if (asprintf(&ctlFIFO, "%s/control", share) < 0)
|
||||||
die("asprintf failed");
|
die("asprintf failed");
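Review bot: `session()` now creates a directory and an executable file under `/var/cache/riju/shares/<uuid>`, and `exec()` builds its FIFO paths from the same string, but no visible line restricts `uuid` to a single path component. If the caller does not already validate it (both functions start or end outside these hunks), a value containing `/` would place the `mkdir` and the `riju-pty` copy outside `shares/`; a check that `uuid` consists only of hex digits and `-`, or a comment naming where that validation happens, would settle it. Failing on `EEXIST` for the per-session directory and opening the copy with `O_CREAT | O_EXCL` are both sound, since they refuse a pre-existing directory or file. Minor: `len` holds a `read()` result and should be `ssize_t`, and `read(fdFrom, buf, sizeof(buf))` avoids repeating the literal 1024.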
|
||||||
|
|