fix: Properly chown the coyote config recursively and password file in the sbx
+27
-4
@@ -356,9 +356,9 @@ fn build_create_args(
|
|||||||
args.push(mixin_str);
|
args.push(mixin_str);
|
||||||
}
|
}
|
||||||
|
|
||||||
args.push(SANDBOX_AGENT.to_string());
|
|
||||||
args.push("--name".to_string());
|
args.push("--name".to_string());
|
||||||
args.push(name.to_string());
|
args.push(name.to_string());
|
||||||
|
args.push(SANDBOX_AGENT.to_string());
|
||||||
args.push(".".to_string());
|
args.push(".".to_string());
|
||||||
|
|
||||||
Ok(args)
|
Ok(args)
|
||||||
@@ -373,6 +373,7 @@ fn copy_host_files(name: &str) -> Result<()> {
|
|||||||
let src = format!("{}/", config_dir.display());
|
let src = format!("{}/", config_dir.display());
|
||||||
let dest = format!("{name}:/home/agent/.config/");
|
let dest = format!("{name}:/home/agent/.config/");
|
||||||
sbx_cp(&src, &dest)?;
|
sbx_cp(&src, &dest)?;
|
||||||
|
chown_agent_recursive(name, "/home/agent/.config")?;
|
||||||
} else {
|
} else {
|
||||||
debug!(
|
debug!(
|
||||||
"Skipping config copy: {} does not exist",
|
"Skipping config copy: {} does not exist",
|
||||||
@@ -390,6 +391,7 @@ fn copy_host_files(name: &str) -> Result<()> {
|
|||||||
}
|
}
|
||||||
let dest = format!("{name}:{dest_path}");
|
let dest = format!("{name}:{dest_path}");
|
||||||
sbx_cp(&password_file.display().to_string(), &dest)?;
|
sbx_cp(&password_file.display().to_string(), &dest)?;
|
||||||
|
chown_agent_recursive(name, &dest_path)?;
|
||||||
}
|
}
|
||||||
Some(password_file) => {
|
Some(password_file) => {
|
||||||
debug!(
|
debug!(
|
||||||
@@ -461,7 +463,7 @@ fn sandbox_path_parent(linux_path: &str) -> Option<&str> {
|
|||||||
|
|
||||||
fn ensure_sandbox_dir(sandbox: &str, dir: &str) -> Result<()> {
|
fn ensure_sandbox_dir(sandbox: &str, dir: &str) -> Result<()> {
|
||||||
let dir_q = shell_words::quote(dir);
|
let dir_q = shell_words::quote(dir);
|
||||||
let cmd = format!("sudo mkdir -p {dir_q} && sudo chown -R agent:agent {dir_q}");
|
let cmd = format!("sudo mkdir -p {dir_q} && sudo chown agent:agent {dir_q}");
|
||||||
|
|
||||||
debug!("sbx exec {sandbox}: {cmd}");
|
debug!("sbx exec {sandbox}: {cmd}");
|
||||||
|
|
||||||
@@ -520,6 +522,27 @@ fn exec_run(name: &str, kit_path: &Path) -> Result<()> {
|
|||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn chown_agent_recursive(sandbox: &str, path: &str) -> Result<()> {
|
||||||
|
let path_q = shell_words::quote(path);
|
||||||
|
let cmd = format!("sudo chown -R agent:agent {path_q}");
|
||||||
|
|
||||||
|
debug!("sbx exec {sandbox}: {cmd}");
|
||||||
|
|
||||||
|
let status = Command::new(SBX_BINARY)
|
||||||
|
.args(["exec", sandbox, "sh", "-c", &cmd])
|
||||||
|
.stdin(Stdio::inherit())
|
||||||
|
.stdout(Stdio::inherit())
|
||||||
|
.stderr(Stdio::inherit())
|
||||||
|
.status()
|
||||||
|
.context("Failed to spawn `sbx exec` to chown copied files")?;
|
||||||
|
|
||||||
|
if !status.success() {
|
||||||
|
bail!("Chowning '{path}' in sandbox failed: sbx exec exited with {status}");
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::*;
|
use super::*;
|
||||||
@@ -627,9 +650,9 @@ mod tests {
|
|||||||
dir_a.display().to_string(),
|
dir_a.display().to_string(),
|
||||||
"--kit".to_string(),
|
"--kit".to_string(),
|
||||||
dir_b.display().to_string(),
|
dir_b.display().to_string(),
|
||||||
"coyote".to_string(),
|
|
||||||
"--name".to_string(),
|
"--name".to_string(),
|
||||||
"my-box".to_string(),
|
"my-box".to_string(),
|
||||||
|
"coyote".to_string(),
|
||||||
".".to_string(),
|
".".to_string(),
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
@@ -648,9 +671,9 @@ mod tests {
|
|||||||
"create".to_string(),
|
"create".to_string(),
|
||||||
"--kit".to_string(),
|
"--kit".to_string(),
|
||||||
"/cache/sbx-kit".to_string(),
|
"/cache/sbx-kit".to_string(),
|
||||||
"coyote".to_string(),
|
|
||||||
"--name".to_string(),
|
"--name".to_string(),
|
||||||
"box".to_string(),
|
"box".to_string(),
|
||||||
|
"coyote".to_string(),
|
||||||
".".to_string(),
|
".".to_string(),
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
|||||||
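Review bot: In `chown_agent_recursive`, `shell_words::quote` protects the path from the shell but not from `chown`'s own option parsing, so a path that begins with `-` would be read as a flag; ending the options explicitly closes that gap: `let cmd = format!("sudo chown -R agent:agent -- {path_q}");`. The two call sites pass `/home/agent/.config` and `dest_path`, whose construction is outside the lines shown, so this is probably hardening rather than a live bug. For the password file, the new call hands ownership to `agent` but nothing visible sets the file mode. If `sbx_cp` does not carry over a restrictive mode, adding `sudo chmod 600` on that path in the same `sbx exec` would keep the secret from being group- or world-readable inside the sandbox. A short doc comment on `chown_agent_recursive` noting that it runs as root via `sudo` inside the sandbox and expects an absolute path would help the next caller.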