Single place that decides how a privileged op runs by Docker mode: - runFileOp / runFileWrite: /docker data-plane ops — rooted uses sudo (identical to today), rootless runs as the unprivileged install user (no root). - runSystem: genuine system-admin ops, sudo in both modes, funnelled here so it can later be confined to a scoped sudoers allowlist. Call sites converted to these are byte-for-byte unchanged under rooted, so existing/live boxes can't regress; rootless gets the de-privileged path. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
47 lines
1.7 KiB
Bash
47 lines
1.7 KiB
Bash
#!/bin/bash
|
|
|
|
# Mode-aware privileged operations.
|
|
#
|
|
# The privilege a file operation needs depends on the Docker mode:
|
|
# rooted — app/container files under /docker are root-owned, so ops run via
|
|
# sudo. This is byte-for-byte the historical behaviour.
|
|
# rootless — those files are owned by the unprivileged Docker install user, so
|
|
# ops run AS that user over the existing SSH channel and need no
|
|
# root at all.
|
|
# Centralising the branch here means each call site is written once and is
|
|
# correct in both modes, and rooted installs (incl. live boxes) are unchanged.
|
|
|
|
# Run a /docker data-plane command — mkdir/chown/rm/cp/mv/find/sqlite3/etc. on
|
|
# app or container files.
|
|
# rooted -> sudo <cmd>
|
|
# rootless -> run <cmd> as the Docker install user (no sudo)
|
|
# Note: for stdin-fed writes (e.g. `… | sudo tee file`) use runFileWrite below;
|
|
# this helper is for self-contained commands.
|
|
runFileOp() {
|
|
if [[ "$CFG_DOCKER_INSTALL_TYPE" == "rootless" ]]; then
|
|
dockerCommandRunInstallUser "$*"
|
|
else
|
|
sudo "$@"
|
|
fi
|
|
}
|
|
|
|
# Write stdin to a path with the right privilege (replaces `… | sudo tee path`).
|
|
# rooted -> sudo tee
|
|
# rootless -> tee as the Docker install user
|
|
# Usage: some_command | runFileWrite /path/to/file
|
|
runFileWrite() {
|
|
local dest="$1"
|
|
if [[ "$CFG_DOCKER_INSTALL_TYPE" == "rootless" ]]; then
|
|
dockerCommandRunInstallUser "tee '$dest' >/dev/null"
|
|
else
|
|
sudo tee "$dest" >/dev/null
|
|
fi
|
|
}
|
|
|
|
# Genuine system-administration command (ufw/systemctl/apt/sysctl/useradd, /etc
|
|
# edits). Needs real root in both modes; kept as sudo and funnelled through one
|
|
# place so it can later be confined to a scoped sudoers allowlist.
|
|
runSystem() {
|
|
sudo "$@"
|
|
}
|