De-escalate sudo perms in `pikerd` once docker spawns

marketstore
Tyler Goodlet 2022-02-17 14:29:04 -05:00
parent d6ffe1ba7a
commit 5a592d5f42
1 changed files with 21 additions and 11 deletions

View File

@ -18,6 +18,7 @@
Supervisor for docker with included specific-image service helpers.
'''
import os
from typing import (
Optional,
# Any,
@ -35,7 +36,7 @@ from docker.errors import DockerException
from requests.exceptions import ConnectionError
from ..log import get_logger # , get_console_log
from ..config import _config_dir
from .. import config
log = get_logger(__name__)
@ -78,9 +79,11 @@ triggers:
'''
class DockerNotStarted(Exception):
'Prolly you dint start da daemon bruh'
@acm
async def open_docker(
url: Optional[str] = None,
@ -171,7 +174,7 @@ async def open_marketstore(
# create a mount from user's local piker config dir into container
config_dir_mnt = docker.types.Mount(
target='/etc',
source=_config_dir,
source=config._config_dir,
type='bind',
)
@ -226,19 +229,26 @@ async def start_ahab(
) -> None:
cn_ready = trio.Event()
task_status.started(cn_ready)
async with tractor.open_nursery(
loglevel='runtime',
) as tn:
async with (
(
await tn.start_actor('ahab', enable_modules=[__name__])
).open_context(
open_marketstore,
) as (ctx, first),
):
assert str(first)
portal = await tn.start_actor('ahab', enable_modules=[__name__])
if config._parent_user:
import pwd
os.setuid(
pwd.getpwnam(
config._parent_user
)[2] # named user's uid
)
task_status.started(cn_ready)
async with portal.open_context(
open_marketstore,
) as (ctx, first):
assert str(first)
# run till cancelled
await trio.sleep_forever()