De-escalate sudo perms in `pikerd` once docker spawns

l1_precision_fix
Tyler Goodlet 2022-02-17 14:29:04 -05:00
parent aecc5973fa
commit 7395b56321
1 changed files with 21 additions and 11 deletions


@ -18,6 +18,7 @@
Supervisor for docker with included specific-image service helpers. Supervisor for docker with included specific-image service helpers.
''' '''
import os
from typing import ( from typing import (
Optional, Optional,
# Any, # Any,
@ -35,7 +36,7 @@ from docker.errors import DockerException
from requests.exceptions import ConnectionError from requests.exceptions import ConnectionError
from ..log import get_logger # , get_console_log from ..log import get_logger # , get_console_log
from ..config import _config_dir from .. import config
log = get_logger(__name__) log = get_logger(__name__)
@ -78,9 +79,11 @@ triggers:
''' '''
class DockerNotStarted(Exception): class DockerNotStarted(Exception):
'Prolly you dint start da daemon bruh' 'Prolly you dint start da daemon bruh'
@acm @acm
async def open_docker( async def open_docker(
url: Optional[str] = None, url: Optional[str] = None,
@ -171,7 +174,7 @@ async def open_marketstore(
# create a mount from user's local piker config dir into container # create a mount from user's local piker config dir into container
config_dir_mnt = docker.types.Mount( config_dir_mnt = docker.types.Mount(
target='/etc', target='/etc',
source=_config_dir, source=config._config_dir,
type='bind', type='bind',
) )
@ -226,19 +229,26 @@ async def start_ahab(
) -> None: ) -> None:
cn_ready = trio.Event() cn_ready = trio.Event()
task_status.started(cn_ready)
async with tractor.open_nursery( async with tractor.open_nursery(
loglevel='runtime', loglevel='runtime',
) as tn: ) as tn:
async with (
(
await tn.start_actor('ahab', enable_modules=[__name__])
).open_context(
open_marketstore,
) as (ctx, first),
):
assert str(first)
portal = await tn.start_actor('ahab', enable_modules=[__name__])
if config._parent_user:
import pwd
os.setuid(
pwd.getpwnam(
config._parent_user
)[2] # named user's uid
)
task_status.started(cn_ready)
async with portal.open_context(
open_marketstore,
) as (ctx, first):
assert str(first)
# run till cancelled # run till cancelled
await trio.sleep_forever() await trio.sleep_forever()
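Review bot: The privilege drop added in `start_ahab` calls only `os.setuid()`, so the process keeps the group id and supplementary groups it was started with; under sudo those are typically root's, which leaves group-based access to root-owned files in place after the "de-escalation". The groups have to be dropped first and the uid last, because once the uid is changed the process can no longer change its groups. Reading the passwd entry once and using `pw_uid`/`pw_gid` rather than index `[2]` also makes the intent clearer, and `pwd.getpwnam` raises `KeyError` for an unknown name, which is not handled here. How `config._parent_user` is populated is not visible in this diff, and the body of `start_ahab` begins outside the hunk.

```python
if config._parent_user:
    import pwd
    pw = pwd.getpwnam(config._parent_user)
    # groups first, uid last: after setuid() the process may no
    # longer be allowed to change its group membership
    os.initgroups(pw.pw_name, pw.pw_gid)
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)
# … unchanged: task_status.started(cn_ready) and portal.open_context(...) …
```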