fix(desudo): de-sudo config scan so the manager runtime loads CFG
scan_files used 'sudo find' to enumerate config files to source. Under the scoped sudoers that's denied, so NO configs got sourced -> CFG_DOCKER_INSTALL_TYPE ended up empty -> runFileOp/runFileWrite fell back to the manager branch and every container-path write failed. Root cause of the 'sudo: a password is required' + 'tee: Permission denied' storm when running under the scoped grant. - configs/ scan (manager-owned): plain find - app_configs scan (/docker/containers, docker-install-owned, not list-readable by the manager): runFileOp find (enumerate as that user; manager still sources each .config, which is o+r). 'containers' install templates stay plain find. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
This commit is contained in:
parent
2d9450fed4
commit
13d2c15074
@ -4,7 +4,7 @@ checkDockerRootlessRequirement()
|
|||||||
{
|
{
|
||||||
if [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then
|
if [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then
|
||||||
### Docker Rootless
|
### Docker Rootless
|
||||||
if runSystem grep -q "ROOTLESS" $sysctl; then
|
if grep -q "ROOTLESS" $sysctl; then
|
||||||
isSuccessful "Docker Rootless appears to be installed."
|
isSuccessful "Docker Rootless appears to be installed."
|
||||||
else
|
else
|
||||||
isNotice "Docker Rootless does not appear to be installed."
|
isNotice "Docker Rootless does not appear to be installed."
|
||||||
|
|||||||
@ -26,7 +26,7 @@ sourceScanFiles()
|
|||||||
# echo "$load_type NEW FILE $file"
|
# echo "$load_type NEW FILE $file"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
done < <(sudo find "$folder_dir" -maxdepth 2 -type f ! -name "*.category" ! -name "config_*" ! -name ".*" -print0)
|
done < <(find "$folder_dir" -maxdepth 2 -type f ! -name "*.category" ! -name "config_*" ! -name ".*" -print0)
|
||||||
|
|
||||||
# Per-location backup configs live nested at depth 3
|
# Per-location backup configs live nested at depth 3
|
||||||
# (configs/backup/locations/<idx>/location.config) — source them via
|
# (configs/backup/locations/<idx>/location.config) — source them via
|
||||||
@ -48,14 +48,20 @@ sourceScanFiles()
|
|||||||
echo "Invalid load type: $load_type"
|
echo "Invalid load type: $load_type"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Scanning function for other types (not libreportal_configs)
|
# Scanning function for other types (not libreportal_configs).
|
||||||
|
# app_configs live under /docker/containers (owned by the docker install user
|
||||||
|
# and not list-readable by the manager), so enumerate them AS that user via
|
||||||
|
# runFileOp; the manager still sources each (the .config files are o+r). The
|
||||||
|
# 'containers' install templates are manager-owned, so a plain find suffices.
|
||||||
if [ "$load_type" != "libreportal_configs" ]; then
|
if [ "$load_type" != "libreportal_configs" ]; then
|
||||||
|
local scan_op=""
|
||||||
|
[[ "$load_type" == "app_configs" ]] && scan_op="runFileOp"
|
||||||
while IFS= read -r -d '' file; do
|
while IFS= read -r -d '' file; do
|
||||||
if [ -f "$file" ]; then
|
if [ -f "$file" ]; then
|
||||||
source "$file"
|
source "$file"
|
||||||
# echo "$load_type FILE $file"
|
# echo "$load_type FILE $file"
|
||||||
fi
|
fi
|
||||||
done < <(sudo find "$folder_dir" -maxdepth 3 -type d \( -name 'resources' \) -prune -o -type f -name "$file_pattern" -print0)
|
done < <($scan_op find "$folder_dir" -maxdepth 3 -type d \( -name 'resources' \) -prune -o -type f -name "$file_pattern" -print0)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Load the categories from the file into an array
|
# Load the categories from the file into an array
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user