From 3873b8619e250ef70c212b0af11be504605eda10 Mon Sep 17 00:00:00 2001
From: Tyler Goodlet
Date: Thu, 17 Feb 2022 14:29:04 -0500
Subject: [PATCH] De-escalate sudo perms in `pikerd` once docker spawns
---
piker/data/_ahab.py | 32 +++++++++++++++++++++-----------
1 file changed, 21 insertions(+), 11 deletions(-)
diff --git a/piker/data/_ahab.py b/piker/data/_ahab.py
index 07310c4e..baa396ab 100644
--- a/piker/data/_ahab.py
+++ b/piker/data/_ahab.py
@@ -18,6 +18,7 @@ Supervisor for docker with included specific-image service helpers. ''' +import os from typing import ( Optional, # Any,
@@ -35,7 +36,7 @@ from docker.errors import DockerException from requests.exceptions import ConnectionError from ..log import get_logger # , get_console_log -from ..config import _config_dir +from .. import config log = get_logger(__name__)
@@ -78,9 +79,11 @@ triggers: ''' + class DockerNotStarted(Exception): 'Prolly you dint start da daemon bruh' + @acm async def open_docker( url: Optional[str] = None,
@@ -171,7 +174,7 @@ async def open_marketstore( # create a mount from user's local piker config dir into container config_dir_mnt = docker.types.Mount( target='/etc', - source=_config_dir, + source=config._config_dir, type='bind', )
@@ -226,19 +229,26 @@ async def start_ahab( ) -> None: cn_ready = trio.Event() - task_status.started(cn_ready) async with tractor.open_nursery( loglevel='runtime', ) as tn: - async with ( - ( - await tn.start_actor('ahab', enable_modules=[__name__]) - ).open_context( - open_marketstore, - ) as (ctx, first), - ): - assert str(first) + portal = await tn.start_actor('ahab', enable_modules=[__name__]) + if config._parent_user: + import pwd + os.setuid( + pwd.getpwnam( + config._parent_user + )[2] # named user's uid + ) + + task_status.started(cn_ready) + + async with portal.open_context( + open_marketstore, + ) as (ctx, first): + + assert str(first) # run till cancelled await trio.sleep_forever()
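Review bot: The privilege drop added in the last hunk (`start_ahab`) changes only the uid, so after `os.setuid()` the `pikerd` process keeps the primary gid and supplementary groups it was started with under sudo, which presumably are root's. Groups have to be dropped before the uid, because an unprivileged process can no longer change them; the excerpt below calls `os.initgroups`, `os.setgid` and then `os.setuid`, and reads the passwd entry by field name instead of `[2]`. `pwd.getpwnam` raises `KeyError` for an unknown name and that case is not handled, and where `config._parent_user` is set is not visible in this patch, so it is worth confirming that it can only hold the invoking account's name. The signature of `start_ahab` begins outside the hunk, and the `ahab` actor spawned just before the drop appears to keep its elevated uid by design.

```python
        portal = await tn.start_actor('ahab', enable_modules=[__name__])
        if config._parent_user:
            import pwd
            entry = pwd.getpwnam(config._parent_user)
            # Groups go first: once the uid is unprivileged the process
            # is no longer allowed to change them.
            os.initgroups(entry.pw_name, entry.pw_gid)
            os.setgid(entry.pw_gid)
            os.setuid(entry.pw_uid)

        # … unchanged: task_status.started() and the open_marketstore context …
```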