chore(Makefiles): to simplify Dockerfile
fix(wmexec): setgid before setuid
test(wmexec): tested
parent
15a804aa7d
commit
c043c91f0e
12
Makefile
12
Makefile
@ -1,4 +1,4 @@
|
||||
|
||||
DESTDIR = /usr/local/bin
|
||||
|
||||
all: wingmate dummy oneshot spawner starter pidproxy exec
|
||||
|
||||
@ -31,3 +31,13 @@ clean:
|
||||
$(MAKE) -C cmd/experiment/oneshot clean
|
||||
$(MAKE) -C cmd/experiment/spawner clean
|
||||
$(MAKE) -C cmd/experiment/starter clean
|
||||
|
||||
install:
|
||||
install -d ${DESTDIR}
|
||||
$(MAKE) -C cmd/wingmate DESTDIR=${DESTDIR} install
|
||||
$(MAKE) -C cmd/pidproxy DESTDIR=${DESTDIR} install
|
||||
$(MAKE) -C cmd/exec DESTDIR=${DESTDIR} install
|
||||
$(MAKE) -C cmd/experiment/dummy DESTDIR=${DESTDIR} install
|
||||
$(MAKE) -C cmd/experiment/oneshot DESTDIR=${DESTDIR} install
|
||||
$(MAKE) -C cmd/experiment/spawner DESTDIR=${DESTDIR} install
|
||||
$(MAKE) -C cmd/experiment/starter DESTDIR=${DESTDIR} install
|
||||
|
||||
@ -2,4 +2,7 @@ all:
|
||||
go build -v
|
||||
|
||||
clean:
|
||||
go clean -i -cache -testcache
|
||||
go clean -i -cache -testcache
|
||||
|
||||
install:
|
||||
install exec ${DESTDIR}/wmexec
|
||||
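Review bot: The new `install` target expands `${DESTDIR}` without any default visible in this sub-Makefile, so running `make install` from this directory instead of through the top-level Makefile would resolve to `install exec /wmexec` and write into the filesystem root. Add a default at the top of the file, `DESTDIR ?= /usr/local/bin`, and declare the targets with `.PHONY: all clean install` so that a file named `install` cannot mask the rule. The same applies to the other six sub-Makefile sections in this commit (wmdummy, wmoneshot, wmspawner, wmstarter, wmpidproxy, wingmate). The hunk starts at line 2 of the file, so a definition on line 1 cannot be ruled out.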
@ -2,6 +2,7 @@ package main
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
"os/exec"
|
||||
@ -95,36 +96,37 @@ func execCmd(cmd *cobra.Command, args []string) error {
|
||||
ug := viper.GetString(EnvUser)
|
||||
if len(ug) > 0 {
|
||||
user, group, ok := strings.Cut(ug, ":")
|
||||
uid, err = strconv.ParseUint(user, 10, 32)
|
||||
if err != nil {
|
||||
if uid, err = getUid(user); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
if err = unix.Setuid(int(uid)); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if ok {
|
||||
if gid, err = strconv.ParseUint(group, 10, 32); err != nil {
|
||||
if gid, err = getGid(group); err != nil {
|
||||
return err
|
||||
return fmt.Errorf("cgo getgid: %w", err)
|
||||
}
|
||||
}
|
||||
if err = unix.Setgid(int(gid)); err != nil {
|
||||
return err
|
||||
return fmt.Errorf("setgid: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
uid, err = strconv.ParseUint(user, 10, 32)
|
||||
if err != nil {
|
||||
if uid, err = getUid(user); err != nil {
|
||||
return fmt.Errorf("cgo getuid: %w", err)
|
||||
}
|
||||
}
|
||||
if err = unix.Setuid(int(uid)); err != nil {
|
||||
return fmt.Errorf("setuid: %w", err)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if path, err = exec.LookPath(childArgs[0]); err != nil {
|
||||
if !errors.Is(err, exec.ErrDot) {
|
||||
return err
|
||||
return fmt.Errorf("lookpath: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
if err = unix.Exec(path, childArgs, os.Environ()); err != nil {
|
||||
return err
|
||||
return fmt.Errorf("exec: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
|
||||
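Review bot: The privilege drop still leaves group state behind: nothing visible in this hunk clears supplementary groups, and when the value has no `:group` part the `if ok` branch is skipped, so only the uid changes and the process keeps its original gid. The service scripts in this commit use exactly that form (`--user 1001`, `--user 1200`), so a child started from a root init would presumably still run with gid 0 and root's supplementary groups. Before `unix.Setgid`, call `if err = unix.Setgroups([]int{int(gid)}); err != nil { return fmt.Errorf("setgroups: %w", err) }`, and when no group is given fall back to the user's primary gid instead of skipping the gid change. execCmd starts and ends outside this hunk, so a setgroups call elsewhere in the function cannot be ruled out.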
@ -2,4 +2,7 @@ all:
|
||||
go build -v
|
||||
|
||||
clean:
|
||||
go clean -i -cache -testcache
|
||||
go clean -i -cache -testcache
|
||||
|
||||
install:
|
||||
install dummy ${DESTDIR}/wmdummy
|
||||
@ -2,4 +2,7 @@ all:
|
||||
go build -v
|
||||
|
||||
clean:
|
||||
go clean -i -cache -testcache
|
||||
go clean -i -cache -testcache
|
||||
|
||||
install:
|
||||
install oneshot ${DESTDIR}/wmoneshot
|
||||
@ -2,4 +2,7 @@ all:
|
||||
go build -v
|
||||
|
||||
clean:
|
||||
go clean -i -cache -testcache
|
||||
go clean -i -cache -testcache
|
||||
|
||||
install:
|
||||
install spawner ${DESTDIR}/wmspawner
|
||||
@ -2,4 +2,7 @@ all:
|
||||
go build -v
|
||||
|
||||
clean:
|
||||
go clean -i -cache -testcache
|
||||
go clean -i -cache -testcache
|
||||
|
||||
install:
|
||||
install starter ${DESTDIR}/wmstarter
|
||||
@ -2,4 +2,7 @@ all:
|
||||
go build -v
|
||||
|
||||
clean:
|
||||
go clean -i -cache -testcache
|
||||
go clean -i -cache -testcache
|
||||
|
||||
install:
|
||||
install pidproxy ${DESTDIR}/wmpidproxy
|
||||
@ -2,4 +2,8 @@ all:
|
||||
go build -v
|
||||
|
||||
clean:
|
||||
go clean -i -cache -testcache
|
||||
go clean -i -cache -testcache
|
||||
|
||||
install:
|
||||
install wingmate ${DESTDIR}/wingmate
|
||||
|
||||
@ -2,19 +2,16 @@ FROM golang:1.21-alpine as builder
|
||||
|
||||
ADD . /root/wingmate
|
||||
WORKDIR /root/wingmate/
|
||||
RUN apk add make && make all
|
||||
RUN apk add make build-base && CGO_ENABLED=1 make all && make DESTDIR=/usr/local/bin/wingmate install
|
||||
|
||||
|
||||
|
||||
FROM alpine:3.18
|
||||
|
||||
RUN apk add tzdata && ln -s /usr/share/zoneinfo/Australia/Sydney /etc/localtime
|
||||
COPY --from=builder /root/wingmate/cmd/wingmate/wingmate /usr/local/bin/wingmate
|
||||
COPY --from=builder /root/wingmate/cmd/experiment/dummy/dummy /usr/local/bin/wmdummy
|
||||
COPY --from=builder /root/wingmate/cmd/experiment/starter/starter /usr/local/bin/wmstarter
|
||||
COPY --from=builder /root/wingmate/cmd/experiment/oneshot/oneshot /usr/local/bin/wmoneshot
|
||||
COPY --from=builder /root/wingmate/cmd/experiment/spawner/spawner /usr/local/bin/wmspawner
|
||||
COPY --from=builder /root/wingmate/cmd/pidproxy/pidproxy /usr/local/bin/wmpidproxy
|
||||
RUN apk add tzdata && ln -s /usr/share/zoneinfo/Australia/Sydney /etc/localtime && \
|
||||
adduser -h /home/user1 -D -s /bin/sh user1 && \
|
||||
adduser -h /home/user2 -D -s /bin/sh user2
|
||||
COPY --from=builder /usr/local/bin/wingmate/ /usr/local/bin/
|
||||
ADD --chmod=755 docker/alpine/entry.sh /usr/local/bin/entry.sh
|
||||
ADD --chmod=755 docker/alpine/etc /etc
|
||||
|
||||
|
||||
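Review bot: The two `adduser` calls leave uid allocation to BusyBox, while a service script later in this commit (presumably the Alpine one) runs `wmexec --user 1001`, which maps to `user2` only if the automatic allocation happens to land there. Pin the id in the image, e.g. `adduser -u 1001 -h /home/user2 -D -s /bin/sh user2`, or have the script pass the user name so the image and the script cannot drift apart. The bookworm script uses `--user 1200` while only `user1` is created; if running under a uid with no passwd entry is the intended test case, a comment in that script should say so.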
@ -1,4 +1,4 @@
|
||||
#!/bin/sh
|
||||
|
||||
export DUMMY_PATH=/usr/local/bin/wmdummy
|
||||
exec /usr/local/bin/wmstarter
|
||||
exec /usr/local/bin/wmexec --setsid --user user1:user1 -- /usr/local/bin/wmstarter
|
||||
@ -2,4 +2,4 @@
|
||||
|
||||
export WINGMATE_ONESHOT_PATH=/usr/local/bin/wmoneshot
|
||||
export WINGMATE_DUMMY_PATH=/usr/local/bin/wmdummy
|
||||
exec /usr/local/bin/wmspawner
|
||||
exec /usr/local/bin/wmexec --user 1001 -- /usr/local/bin/wmspawner
|
||||
@ -2,20 +2,16 @@ FROM golang:1.21-bookworm as builder
|
||||
|
||||
ADD . /root/wingmate
|
||||
WORKDIR /root/wingmate/
|
||||
RUN make all
|
||||
RUN make all && make DESTDIR=/usr/local/bin/wingmate install
|
||||
|
||||
|
||||
|
||||
FROM debian:bookworm
|
||||
|
||||
RUN ln -sf /usr/share/zoneinfo/Australia/Sydney /etc/localtime && \
|
||||
apt update && apt install -y procps
|
||||
COPY --from=builder /root/wingmate/cmd/wingmate/wingmate /usr/local/bin/wingmate
|
||||
COPY --from=builder /root/wingmate/cmd/experiment/dummy/dummy /usr/local/bin/wmdummy
|
||||
COPY --from=builder /root/wingmate/cmd/experiment/starter/starter /usr/local/bin/wmstarter
|
||||
COPY --from=builder /root/wingmate/cmd/experiment/oneshot/oneshot /usr/local/bin/wmoneshot
|
||||
COPY --from=builder /root/wingmate/cmd/experiment/spawner/spawner /usr/local/bin/wmspawner
|
||||
COPY --from=builder /root/wingmate/cmd/pidproxy/pidproxy /usr/local/bin/wmpidproxy
|
||||
apt update && apt install -y procps && \
|
||||
useradd -m -s /bin/bash user1
|
||||
COPY --from=builder /usr/local/bin/wingmate/ /usr/local/bin/
|
||||
ADD --chmod=755 docker/bookworm/entry.sh /usr/local/bin/entry.sh
|
||||
ADD --chmod=755 docker/bookworm/etc /etc
|
||||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#!/usr/bin/bash
|
||||
|
||||
export DUMMY_PATH=/usr/local/bin/wmdummy
|
||||
exec /usr/local/bin/wmstarter
|
||||
exec /usr/local/bin/wmexec --setsid --user user1:user1 -- /usr/local/bin/wmstarter
|
||||
@ -2,4 +2,4 @@
|
||||
|
||||
export WINGMATE_ONESHOT_PATH=/usr/local/bin/wmoneshot
|
||||
export WINGMATE_DUMMY_PATH=/usr/local/bin/wmdummy
|
||||
exec /usr/local/bin/wmspawner
|
||||
exec /usr/local/bin/wmexec --user 1200 -- /usr/local/bin/wmspawner
|
||||