Compare commits


2 Commits

Author SHA1 Message Date
librelad
e89ce25a19 Merge claude/2 2026-05-23 20:35:18 +01:00
librelad
5c928fe9c0 feat(privilege): mode-aware privileged-op helper
Single place that decides how a privileged op runs by Docker mode:
- runFileOp / runFileWrite: /docker data-plane ops — rooted uses sudo (identical
  to today), rootless runs as the unprivileged install user (no root).
- runSystem: genuine system-admin ops, sudo in both modes, funnelled here so it
  can later be confined to a scoped sudoers allowlist.
Call sites converted to these are byte-for-byte unchanged under rooted, so
existing/live boxes can't regress; rootless gets the de-privileged path.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-23 20:35:18 +01:00
2 changed files with 47 additions and 0 deletions


@ -0,0 +1,46 @@
#!/bin/bash
# Mode-aware privileged operations.
#
# The privilege a file operation needs depends on the Docker mode:
# rooted — app/container files under /docker are root-owned, so ops run via
# sudo. This is byte-for-byte the historical behaviour.
# rootless — those files are owned by the unprivileged Docker install user, so
# ops run AS that user over the existing SSH channel and need no
# root at all.
# Centralising the branch here means each call site is written once and is
# correct in both modes, and rooted installs (incl. live boxes) are unchanged.
# Run a /docker data-plane command — mkdir/chown/rm/cp/mv/find/sqlite3/etc. on
# app or container files.
# rooted -> sudo <cmd>
# rootless -> run <cmd> as the Docker install user (no sudo)
# Note: for stdin-fed writes (e.g. `… | sudo tee file`) use runFileWrite below;
# this helper is for self-contained commands.
runFileOp() {
if [[ "$CFG_DOCKER_INSTALL_TYPE" == "rootless" ]]; then
dockerCommandRunInstallUser "$*"
else
sudo "$@"
fi
}
# Write stdin to a path with the right privilege (replaces `… | sudo tee path`).
# rooted -> sudo tee
# rootless -> tee as the Docker install user
# Usage: some_command | runFileWrite /path/to/file
runFileWrite() {
local dest="$1"
if [[ "$CFG_DOCKER_INSTALL_TYPE" == "rootless" ]]; then
dockerCommandRunInstallUser "tee '$dest' >/dev/null"
else
sudo tee "$dest" >/dev/null
fi
}
# Genuine system-administration command (ufw/systemctl/apt/sysctl/useradd, /etc
# edits). Needs real root in both modes; kept as sudo and funnelled through one
# place so it can later be confined to a scoped sudoers allowlist.
runSystem() {
sudo "$@"
}
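Review bot: the rootless branch of runFileOp (`dockerCommandRunInstallUser "$*"`) flattens the argument vector into one string, so arguments containing spaces, quotes or shell metacharacters are re-split and re-interpreted by the remote shell, while the rooted branch (`sudo "$@"`) preserves them exactly; the two modes therefore do not behave the same for the call sites the commit message says are byte-for-byte equivalent. Consider shell-quoting each argument before handing off (for example building the string with `printf '%q ' "$@"`), or document that callers must pass a single pre-quoted command. The same applies to runFileWrite, where `tee '$dest'` breaks for any path containing a single quote, and it is worth a comment stating that dockerCommandRunInstallUser forwards stdin over the SSH channel, since the stdin-fed write silently produces an empty file if it does not.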


@ -31,6 +31,7 @@ docker_scripts=(
"docker/checks/running_for_user.sh" "docker/checks/running_for_user.sh"
"docker/command/docker_run_install.sh" "docker/command/docker_run_install.sh"
"docker/command/docker_run.sh" "docker/command/docker_run.sh"
"docker/command/run_privileged.sh"
"docker/compose/copy_build_context.sh" "docker/compose/copy_build_context.sh"
"docker/compose/restart_after_update.sh" "docker/compose/restart_after_update.sh"
"docker/compose/setup_compose_yml.sh" "docker/compose/setup_compose_yml.sh"
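Review bot: run_privileged.sh calls dockerCommandRunInstallUser, which is not defined in that file; verify that the loader sources docker/command/docker_run_install.sh (listed just above the new entry) before any converted call site invokes runFileOp or runFileWrite, and that nothing invokes these helpers before this list is processed, otherwise rootless mode fails at runtime with an undefined function while rooted mode, which only needs sudo, keeps working and masks the gap.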