From 9256f228e6f844d41ae210eab6f1152529d0d60d Mon Sep 17 00:00:00 2001 From: Radon Rosborough Date: Sat, 19 Jun 2021 08:06:05 +0000 Subject: [PATCH] Oh god, well this was terrible --- docker/admin/install.bash | 1 + docker/runtime/install.bash | 1 + system/res/docker-exec.py | 85 +++++++++++++++++++++++++++++ system/src/riju-system-privileged.c | 4 +- 4 files changed, 89 insertions(+), 2 deletions(-) create mode 100755 system/res/docker-exec.py diff --git a/docker/admin/install.bash b/docker/admin/install.bash index 4b4844c..7d784b4 100755 --- a/docker/admin/install.bash +++ b/docker/admin/install.bash @@ -53,6 +53,7 @@ sudo tmux terraform unzip +uuid-runtime vim wget yarn diff --git a/docker/runtime/install.bash b/docker/runtime/install.bash index 73283df..011f226 100755 --- a/docker/runtime/install.bash +++ b/docker/runtime/install.bash @@ -59,6 +59,7 @@ strace sudo tmux tree +uuid-runtime vim " diff --git a/system/res/docker-exec.py b/system/res/docker-exec.py new file mode 100755 index 0000000..48b8634 --- /dev/null +++ b/system/res/docker-exec.py @@ -0,0 +1,85 @@ +#!/usr/bin/env python3 + +import argparse +import signal +import subprocess +import sys +import uuid + +class Parser(argparse.ArgumentParser): + def format_help(self): + return """ +Usage: docker-exec.bash [OPTIONS] CONTAINER COMMAND [ARG...] + +Run a command in a running container + +Options: + -i, --interactive Keep STDIN open even if not attached + -t, --tty Allocate a pseudo-TTY + -u, --user string Username or UID (format: :[]) +""" + +parser = Parser() +parser.add_argument("-i", "--interactive", action="store_true") +parser.add_argument("-t", "--tty", action="store_true") +parser.add_argument("-u", "--user", type=str) +parser.add_argument("container", type=str) +parser.add_argument("arg", type=str, nargs="*") + +args = parser.parse_args() + +pidfiles = "/var/run/riju/pidfiles" +pidfile = pidfiles + "/" + str(uuid.uuid4()).replace("-", "") +print(pidfile) + +# We have to use 'kill -9' here, otherwise runuser intercepts the +# signal and takes its sweet time cleaning up. +def cleanup(*ignored_args): + subprocess.run([ + "docker", + "exec", + args.container, + "bash", + "-c", + f""" +set -euo pipefail +if [[ -f '{pidfile}' ]]; then + kill -9 -$(< '{pidfile}') + rm -f '{pidfile}' +fi + """ + ]) + +signal.signal(signal.SIGINT, cleanup) +signal.signal(signal.SIGTERM, cleanup) + +exec_args = [] + +if args.interactive: + exec_args.append("-i") +if args.tty: + exec_args.append("-t") + +runuser_args = [] + +if args.user: + runuser_args = ["runuser", "-u", args.user, "--"] + +subprocess.run([ + "docker", + "exec", + *exec_args, + args.container, + "bash", + "-c", + f""" +set -euo pipefail +umask 077 +mkdir -p '{pidfiles}' +echo "$$" > '{pidfile}' +exec "$@" + """, + "--", + *runuser_args, + *args.arg, +]) diff --git a/system/src/riju-system-privileged.c b/system/src/riju-system-privileged.c index 50ace35..493c9d3 100644 --- a/system/src/riju-system-privileged.c +++ b/system/src/riju-system-privileged.c @@ -134,11 +134,11 @@ void exec(char *uuid, int argc, char **cmdline, bool pty) if (asprintf(&container, "riju-session-%s", uuid) < 0) die("asprintf failed"); char *argvPrefix[] = { - "docker", - "exec", + "./system/res/docker-exec.py", "--user", "riju", pty ? "-it" : "-i", container, + "--", }; char **argv = malloc(sizeof(argvPrefix) + (argc + 1) * sizeof(char *)); if (argv == NULL)