Reinstall test on Debian 12 surfaced three rootless-only breakages (rooted was byte-identical/fine): 1. pasta blocked by Debian's passt AppArmor profile (DENIED ptrace read -> can't open container netns -> rootless dockerd never starts). Default CFG_ROOTLESS_NET back to slirp4netns (reliable); pasta stays selectable for hosts that relax the profile. 2. de-sudo mis-assigned helpers by owner. /docker management layer (apps DB chowned to libreportal by install_sqlite, /docker/logs) is MANAGER-owned, not dockerinstall. Add runInstallWrite; move apps-DB sqlite3 -> runInstallOp and /docker/logs appends -> runInstallWrite. Revert ownership-SETUP scripts (libreportal_folders, app_folder) to runSystem — they must run as root to establish ownership during install. Container files (/docker/containers/<app>) stay runFileOp. 3. kernel hardening sysctls written to /etc/sysctl/99-custom.conf, which 'sysctl --system' does not read -> never applied. Write them to /etc/sysctl.d/99-libreportal-hardening.conf instead. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
#!/bin/bash
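# Reports the outcome of the command that ran immediately before this call.
#
# Must be invoked directly after the command being checked, because it reads
# that command's exit status from $?.
#
# Globals read: logs_dir, docker_log_file, LIBREPORTAL_NONINTERACTIVE,
#               initial_command2
# Globals set:  error_occurred (the operator's answer; kept global as before)
# Arguments:    $1 - description of the step, used in messages and in the log
# Behaviour:
#   success - prints via isSuccessful and appends to the log file if it exists.
#   failure - prints via isError, then:
#     * non-interactive (LIBREPORTAL_NONINTERACTIVE=1 or stdin is not a
#       terminal): logs if the log file exists and exits 1.
#     * interactive: asks for c/x/m until one of them is entered.
#       c continues, x logs and exits 1, m logs and calls resetToMenu when
#       initial_command2 is "terminal".
function checkSuccess()
{
    # Capture the status first: any command run before this line would
    # overwrite $?.
    local last_status=$?

    if [ "$last_status" -eq 0 ]; then
        isSuccessful "$1"
        if [ -f "$logs_dir/$docker_log_file" ]; then
            echo "✓ Success $1" | runInstallWrite -a "$logs_dir/$docker_log_file" >/dev/null
        fi
    else
        isError "$1"

        # Non-interactive (task processor / cron / piped): bail instead of
        # blocking on read. The :- default keeps this test usable when the
        # variable is unset and the caller runs with 'set -u'.
        if [[ "${LIBREPORTAL_NONINTERACTIVE:-}" == "1" ]] || [ ! -t 0 ]; then
            if [ -f "$logs_dir/$docker_log_file" ]; then
                isError " $1" | runInstallWrite -a "$logs_dir/$docker_log_file" >/dev/null
                echo "===================================" | runInstallWrite -a "$logs_dir/$docker_log_file" >/dev/null
            fi
            isNotice "Non-interactive mode: aborting on error."
            exit 1
        fi

        while true; do
            isQuestion "An error has occurred. Do you want to continue, exit or go to back to the Menu? (c/x/m) "
            # A failed read (EOF on the terminal) can never produce an answer;
            # treat it as "exit" so the loop cannot spin forever and the
            # failed step is not silently passed over.
            if ! read -rp "" error_occurred; then
                error_occurred="x"
                break
            fi
            # Only c, x or m end the prompt. Accepting any non-empty answer
            # would let a mistyped key fall through every branch below and
            # carry on past the failed step without an explicit decision.
            if [[ "$error_occurred" == [cCxXmM] ]]; then
                break
            fi
            isNotice "Please provide a valid input."
        done

        if [[ "$error_occurred" == [cC] ]]; then
            isNotice "Continuing after error has occurred."
        fi

        # NOTE(review): unlike the non-interactive branch, the two log writes
        # in the x and m branches are not guarded by a -f check and their
        # output is not discarded. Left as found; confirm whether intended.
        if [[ "$error_occurred" == [xX] ]]; then
            # Log the error output to the log file
            isError " $1" | runInstallWrite -a "$logs_dir/$docker_log_file"
            echo "===================================" | runInstallWrite -a "$logs_dir/$docker_log_file"
            exit 1 # Exit the script with a non-zero status to stop the current action
        fi

        if [[ "$error_occurred" == [mM] ]]; then
            # Log the error output to the log file
            isError " $1" | runInstallWrite -a "$logs_dir/$docker_log_file"
            echo "===================================" | runInstallWrite -a "$logs_dir/$docker_log_file"
            if [[ "$initial_command2" == "terminal" ]]; then
                resetToMenu;
            fi
        fi
    fi
}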