suyono/wingmate
1
0
Fork 0
Code Issues 2 Pull Requests Packages Projects 1 Releases 2 Wiki Activity

chore(Makefiles): to simplify Dockerfile

Browse Source 
fix(wmexec): setgid before setuid
test(wmexec): tested
This commit is contained in:
Suyono 2023-12-17 23:45:03 +00:00
parent 15a804aa7d
commit c043c91f0e
15 changed files with 69 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Makefile
View File

@ -1,4 +1,4 @@
DESTDIR = /usr/local/bin
all: wingmate dummy oneshot spawner starter pidproxy exec all: wingmate dummy oneshot spawner starter pidproxy exec
@ -31,3 +31,13 @@ clean:
$(MAKE) -C cmd/experiment/oneshot clean $(MAKE) -C cmd/experiment/oneshot clean
$(MAKE) -C cmd/experiment/spawner clean $(MAKE) -C cmd/experiment/spawner clean
$(MAKE) -C cmd/experiment/starter clean $(MAKE) -C cmd/experiment/starter clean
install:
install -d ${DESTDIR}
$(MAKE) -C cmd/wingmate DESTDIR=${DESTDIR} install
$(MAKE) -C cmd/pidproxy DESTDIR=${DESTDIR} install
$(MAKE) -C cmd/exec DESTDIR=${DESTDIR} install
$(MAKE) -C cmd/experiment/dummy DESTDIR=${DESTDIR} install
$(MAKE) -C cmd/experiment/oneshot DESTDIR=${DESTDIR} install
$(MAKE) -C cmd/experiment/spawner DESTDIR=${DESTDIR} install
$(MAKE) -C cmd/experiment/starter DESTDIR=${DESTDIR} install

5
cmd/exec/Makefile
View File

@ -2,4 +2,7 @@ all:
go build -v go build -v
clean: clean:
go clean -i -cache -testcache go clean -i -cache -testcache
install:
install exec ${DESTDIR}/wmexec

30
cmd/exec/exec.go
View File

@ -2,6 +2,7 @@ package main
import ( import (
"errors" "errors"
"fmt"
"log" "log"
"os" "os"
"os/exec" "os/exec"
@ -95,36 +96,37 @@ func execCmd(cmd *cobra.Command, args []string) error {
ug := viper.GetString(EnvUser) ug := viper.GetString(EnvUser)
if len(ug) > 0 { if len(ug) > 0 {
user, group, ok := strings.Cut(ug, ":") user, group, ok := strings.Cut(ug, ":")
uid, err = strconv.ParseUint(user, 10, 32)
if err != nil {
if uid, err = getUid(user); err != nil {
return err
}
}
if err = unix.Setuid(int(uid)); err != nil {
return err
}
if ok { if ok {
if gid, err = strconv.ParseUint(group, 10, 32); err != nil { if gid, err = strconv.ParseUint(group, 10, 32); err != nil {
if gid, err = getGid(group); err != nil { if gid, err = getGid(group); err != nil {
return err return fmt.Errorf("cgo getgid: %w", err)
} }
} }
if err = unix.Setgid(int(gid)); err != nil { if err = unix.Setgid(int(gid)); err != nil {
return err return fmt.Errorf("setgid: %w", err)
} }
} }
uid, err = strconv.ParseUint(user, 10, 32)
if err != nil {
if uid, err = getUid(user); err != nil {
return fmt.Errorf("cgo getuid: %w", err)
}
}
if err = unix.Setuid(int(uid)); err != nil {
return fmt.Errorf("setuid: %w", err)
}
} }
if path, err = exec.LookPath(childArgs[0]); err != nil { if path, err = exec.LookPath(childArgs[0]); err != nil {
if !errors.Is(err, exec.ErrDot) { if !errors.Is(err, exec.ErrDot) {
return err return fmt.Errorf("lookpath: %w", err)
} }
} }
if err = unix.Exec(path, childArgs, os.Environ()); err != nil { if err = unix.Exec(path, childArgs, os.Environ()); err != nil {
return err return fmt.Errorf("exec: %w", err)
} }
return nil return nil

5
cmd/experiment/dummy/Makefile
View File

@ -2,4 +2,7 @@ all:
go build -v go build -v
clean: clean:
go clean -i -cache -testcache go clean -i -cache -testcache
install:
install dummy ${DESTDIR}/wmdummy

5
cmd/experiment/oneshot/Makefile
View File

@ -2,4 +2,7 @@ all:
go build -v go build -v
clean: clean:
go clean -i -cache -testcache go clean -i -cache -testcache
install:
install oneshot ${DESTDIR}/wmoneshot

5
cmd/experiment/spawner/Makefile
View File

@ -2,4 +2,7 @@ all:
go build -v go build -v
clean: clean:
go clean -i -cache -testcache go clean -i -cache -testcache
install:
install spawner ${DESTDIR}/wmspawner

5
cmd/experiment/starter/Makefile
View File

@ -2,4 +2,7 @@ all:
go build -v go build -v
clean: clean:
go clean -i -cache -testcache go clean -i -cache -testcache
install:
install starter ${DESTDIR}/wmstarter

5
cmd/pidproxy/Makefile
View File

@ -2,4 +2,7 @@ all:
go build -v go build -v
clean: clean:
go clean -i -cache -testcache go clean -i -cache -testcache
install:
install pidproxy ${DESTDIR}/wmpidproxy

6
cmd/wingmate/Makefile
View File

@ -2,4 +2,8 @@ all:
go build -v go build -v
clean: clean:
go clean -i -cache -testcache go clean -i -cache -testcache
install:
install wingmate ${DESTDIR}/wingmate

13
docker/alpine/Dockerfile
View File

@ -2,19 +2,16 @@ FROM golang:1.21-alpine as builder
ADD . /root/wingmate ADD . /root/wingmate
WORKDIR /root/wingmate/ WORKDIR /root/wingmate/
RUN apk add make && make all RUN apk add make build-base && CGO_ENABLED=1 make all && make DESTDIR=/usr/local/bin/wingmate install
FROM alpine:3.18 FROM alpine:3.18
RUN apk add tzdata && ln -s /usr/share/zoneinfo/Australia/Sydney /etc/localtime RUN apk add tzdata && ln -s /usr/share/zoneinfo/Australia/Sydney /etc/localtime && \
COPY --from=builder /root/wingmate/cmd/wingmate/wingmate /usr/local/bin/wingmate adduser -h /home/user1 -D -s /bin/sh user1 && \
COPY --from=builder /root/wingmate/cmd/experiment/dummy/dummy /usr/local/bin/wmdummy adduser -h /home/user2 -D -s /bin/sh user2
COPY --from=builder /root/wingmate/cmd/experiment/starter/starter /usr/local/bin/wmstarter COPY --from=builder /usr/local/bin/wingmate/ /usr/local/bin/
COPY --from=builder /root/wingmate/cmd/experiment/oneshot/oneshot /usr/local/bin/wmoneshot
COPY --from=builder /root/wingmate/cmd/experiment/spawner/spawner /usr/local/bin/wmspawner
COPY --from=builder /root/wingmate/cmd/pidproxy/pidproxy /usr/local/bin/wmpidproxy
ADD --chmod=755 docker/alpine/entry.sh /usr/local/bin/entry.sh ADD --chmod=755 docker/alpine/entry.sh /usr/local/bin/entry.sh
ADD --chmod=755 docker/alpine/etc /etc ADD --chmod=755 docker/alpine/etc /etc

2
docker/alpine/etc/wingmate/service/one.sh
View File

@ -1,4 +1,4 @@
#!/bin/sh #!/bin/sh
export DUMMY_PATH=/usr/local/bin/wmdummy export DUMMY_PATH=/usr/local/bin/wmdummy
exec /usr/local/bin/wmstarter exec /usr/local/bin/wmexec --setsid --user user1:user1 -- /usr/local/bin/wmstarter

2
docker/alpine/etc/wingmate/service/spawner.sh
View File

@ -2,4 +2,4 @@
export WINGMATE_ONESHOT_PATH=/usr/local/bin/wmoneshot export WINGMATE_ONESHOT_PATH=/usr/local/bin/wmoneshot
export WINGMATE_DUMMY_PATH=/usr/local/bin/wmdummy export WINGMATE_DUMMY_PATH=/usr/local/bin/wmdummy
exec /usr/local/bin/wmspawner exec /usr/local/bin/wmexec --user 1001 -- /usr/local/bin/wmspawner

12
docker/bookworm/Dockerfile
View File

@ -2,20 +2,16 @@ FROM golang:1.21-bookworm as builder
ADD . /root/wingmate ADD . /root/wingmate
WORKDIR /root/wingmate/ WORKDIR /root/wingmate/
RUN make all RUN make all && make DESTDIR=/usr/local/bin/wingmate install
FROM debian:bookworm FROM debian:bookworm
RUN ln -sf /usr/share/zoneinfo/Australia/Sydney /etc/localtime && \ RUN ln -sf /usr/share/zoneinfo/Australia/Sydney /etc/localtime && \
apt update && apt install -y procps apt update && apt install -y procps && \
COPY --from=builder /root/wingmate/cmd/wingmate/wingmate /usr/local/bin/wingmate useradd -m -s /bin/bash user1
COPY --from=builder /root/wingmate/cmd/experiment/dummy/dummy /usr/local/bin/wmdummy COPY --from=builder /usr/local/bin/wingmate/ /usr/local/bin/
COPY --from=builder /root/wingmate/cmd/experiment/starter/starter /usr/local/bin/wmstarter
COPY --from=builder /root/wingmate/cmd/experiment/oneshot/oneshot /usr/local/bin/wmoneshot
COPY --from=builder /root/wingmate/cmd/experiment/spawner/spawner /usr/local/bin/wmspawner
COPY --from=builder /root/wingmate/cmd/pidproxy/pidproxy /usr/local/bin/wmpidproxy
ADD --chmod=755 docker/bookworm/entry.sh /usr/local/bin/entry.sh ADD --chmod=755 docker/bookworm/entry.sh /usr/local/bin/entry.sh
ADD --chmod=755 docker/bookworm/etc /etc ADD --chmod=755 docker/bookworm/etc /etc

2
docker/bookworm/etc/wingmate/service/one.sh
View File

@ -1,4 +1,4 @@
#!/usr/bin/bash #!/usr/bin/bash
export DUMMY_PATH=/usr/local/bin/wmdummy export DUMMY_PATH=/usr/local/bin/wmdummy
exec /usr/local/bin/wmstarter exec /usr/local/bin/wmexec --setsid --user user1:user1 -- /usr/local/bin/wmstarter

2
docker/bookworm/etc/wingmate/service/spawner.sh
View File

@ -2,4 +2,4 @@
export WINGMATE_ONESHOT_PATH=/usr/local/bin/wmoneshot export WINGMATE_ONESHOT_PATH=/usr/local/bin/wmoneshot
export WINGMATE_DUMMY_PATH=/usr/local/bin/wmdummy export WINGMATE_DUMMY_PATH=/usr/local/bin/wmdummy
exec /usr/local/bin/wmspawner exec /usr/local/bin/wmexec --user 1200 -- /usr/local/bin/wmspawner