De-escalate sudo perms in `pikerd` once docker spawns
parent
aecc5973fa
commit
7395b56321
|
@ -18,6 +18,7 @@
|
||||||
Supervisor for docker with included specific-image service helpers.
|
Supervisor for docker with included specific-image service helpers.
|
||||||
|
|
||||||
'''
|
'''
|
||||||
|
import os
|
||||||
from typing import (
|
from typing import (
|
||||||
Optional,
|
Optional,
|
||||||
# Any,
|
# Any,
|
||||||
|
@ -35,7 +36,7 @@ from docker.errors import DockerException
|
||||||
from requests.exceptions import ConnectionError
|
from requests.exceptions import ConnectionError
|
||||||
|
|
||||||
from ..log import get_logger # , get_console_log
|
from ..log import get_logger # , get_console_log
|
||||||
from ..config import _config_dir
|
from .. import config
|
||||||
|
|
||||||
log = get_logger(__name__)
|
log = get_logger(__name__)
|
||||||
|
|
||||||
|
@ -78,9 +79,11 @@ triggers:
|
||||||
|
|
||||||
'''
|
'''
|
||||||
|
|
||||||
|
|
||||||
class DockerNotStarted(Exception):
|
class DockerNotStarted(Exception):
|
||||||
'Prolly you dint start da daemon bruh'
|
'Prolly you dint start da daemon bruh'
|
||||||
|
|
||||||
|
|
||||||
@acm
|
@acm
|
||||||
async def open_docker(
|
async def open_docker(
|
||||||
url: Optional[str] = None,
|
url: Optional[str] = None,
|
||||||
|
@ -171,7 +174,7 @@ async def open_marketstore(
|
||||||
# create a mount from user's local piker config dir into container
|
# create a mount from user's local piker config dir into container
|
||||||
config_dir_mnt = docker.types.Mount(
|
config_dir_mnt = docker.types.Mount(
|
||||||
target='/etc',
|
target='/etc',
|
||||||
source=_config_dir,
|
source=config._config_dir,
|
||||||
type='bind',
|
type='bind',
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -226,19 +229,26 @@ async def start_ahab(
|
||||||
) -> None:
|
) -> None:
|
||||||
|
|
||||||
cn_ready = trio.Event()
|
cn_ready = trio.Event()
|
||||||
task_status.started(cn_ready)
|
|
||||||
async with tractor.open_nursery(
|
async with tractor.open_nursery(
|
||||||
loglevel='runtime',
|
loglevel='runtime',
|
||||||
) as tn:
|
) as tn:
|
||||||
async with (
|
|
||||||
(
|
|
||||||
await tn.start_actor('ahab', enable_modules=[__name__])
|
|
||||||
).open_context(
|
|
||||||
open_marketstore,
|
|
||||||
) as (ctx, first),
|
|
||||||
):
|
|
||||||
assert str(first)
|
|
||||||
|
|
||||||
|
portal = await tn.start_actor('ahab', enable_modules=[__name__])
|
||||||
|
if config._parent_user:
|
||||||
|
import pwd
|
||||||
|
os.setuid(
|
||||||
|
pwd.getpwnam(
|
||||||
|
config._parent_user
|
||||||
|
)[2] # named user's uid
|
||||||
|
)
|
||||||
|
|
||||||
|
task_status.started(cn_ready)
|
||||||
|
|
||||||
|
async with portal.open_context(
|
||||||
|
open_marketstore,
|
||||||
|
) as (ctx, first):
|
||||||
|
|
||||||
|
assert str(first)
|
||||||
# run till cancelled
|
# run till cancelled
|
||||||
await trio.sleep_forever()
|
await trio.sleep_forever()
|
||||||
|
|
||||||
|
|
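Review bot: The privilege drop added to `start_ahab` calls only `os.setuid()`, so after the uid changes the process keeps the primary gid and supplementary groups it had under sudo (normally root's), and the de-escalation is only partial. Drop the groups first and the uid last, since the group calls fail once the uid is no longer 0: `pw = pwd.getpwnam(config._parent_user)`, `os.initgroups(pw.pw_name, pw.pw_gid); os.setgid(pw.pw_gid)`, `os.setuid(pw.pw_uid)`. A one-line comment above the block should also state that the `ahab` actor is started before the drop on purpose, so it keeps the elevated credentials that docker access needs, and that the drop is irreversible for the parent. How `config._parent_user` is populated is not visible on this page; if it comes from the environment, it is worth confirming it is only trusted when the process really was started through sudo. The signature of `start_ahab` lies outside this hunk.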