From 668622c5c1108cd3b514ec3fab19018f9e7c4604 Mon Sep 17 00:00:00 2001 From: Jithin Emmanuel Date: Thu, 18 Feb 2021 15:37:06 -0800 Subject: [PATCH] fix: mount ssh socket with rw so that non-root users can make use of it (#63) * fix: mount ssh socket with rw so that non-root users can make use of it * fix: correct test * fix: correct test * fix: correct test --- launch/docker.go | 2 +- launch/docker_test.go | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/launch/docker.go b/launch/docker.go index 4991f2d..ea6c724 100644 --- a/launch/docker.go +++ b/launch/docker.go @@ -99,7 +99,7 @@ func (d *docker) runBuild(buildEntry buildEntry) error { binVol := fmt.Sprintf("%s:%s", d.volume, "/opt/sd") habVol := fmt.Sprintf("%s:%s", d.habVolume, "/opt/sd/hab") - dockerVolumes := append(d.localVolumes, srcVol, artVol, binVol, habVol, fmt.Sprintf("%s:/tmp/auth.sock", d.socketPath)) + dockerVolumes := append(d.localVolumes, srcVol, artVol, binVol, habVol, fmt.Sprintf("%s:/tmp/auth.sock:rw", d.socketPath)) // Overwrite steps for sd-local interact mode. The env will load later. if d.interactiveMode { diff --git a/launch/docker_test.go b/launch/docker_test.go index cd2164e..4ee7b52 100644 --- a/launch/docker_test.go +++ b/launch/docker_test.go @@ -15,6 +15,8 @@ import ( "github.com/stretchr/testify/assert" ) +var sshSocket = os.Getenv("SSH_AUTH_SOCK") + ":/tmp/auth.sock:rw" + const ( fakeProcessLifeTime = 100 * time.Second waitForKillTime = 100 * time.Millisecond 
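Review bot: The `:rw` suffix added to the `/tmp/auth.sock` entry in `dockerVolumes` is, as far as I know, already Docker's default mode for a `-v` bind mount, so on its own it probably does not change what a non-root container user can do; access to a Unix socket is governed by the socket file's owner and mode on the host. Either way, this line shares the host's SSH agent with every step that runs in the build image, so it deserves a comment such as `// Shares the host ssh-agent with the build: any step can ask it to sign with the loaded keys while the container runs.` The hunk does not show where `d.socketPath` is set; if it can be empty the spec becomes `:/tmp/auth.sock:rw`, so consider appending the mount only when `d.socketPath != ""`. `runBuild` starts and ends outside this hunk.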
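Review bot: `sshSocket` is built from the ambient `SSH_AUTH_SOCK` at package init, so the expected `docker container run` strings in `TestRunBuild`, `TestRunBuildWithSudo` and `TestRunBuildWithInteractiveMode` (the later hunks) vary with the machine that runs the tests. On a host with no agent the expectation becomes `-v :/tmp/auth.sock:rw`, and the cases named "success" would presumably still pass, which hides the empty-path case instead of testing it. Assuming the fixture's socket path can be set directly (its construction is not in this diff), pin a constructed value such as `const sshSocket = "/tmp/test-agent.sock:/tmp/auth.sock:rw"` and add a separate case for an unset socket.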
@@ -158,12 +160,12 @@ func TestRunBuild(t *testing.T) { {"success", "SUCCESS_RUN_BUILD", nil, []string{ "docker pull node:12", - fmt.Sprintf("docker container run --rm -v /:/sd/workspace/src/screwdriver.cd/sd-local/local-build -v sd-artifacts/:/test/artifacts -v %s:/opt/sd -v %s:/opt/sd/hab -v %s:/tmp/auth.sock -e SSH_AUTH_SOCK=/tmp/auth.sock node:12 /opt/sd/local_run.sh ", d.volume, d.habVolume, os.Getenv("SSH_AUTH_SOCK"))}, + fmt.Sprintf("docker container run --rm -v /:/sd/workspace/src/screwdriver.cd/sd-local/local-build -v sd-artifacts/:/test/artifacts -v %s:/opt/sd -v %s:/opt/sd/hab -v %s -e SSH_AUTH_SOCK=/tmp/auth.sock node:12 /opt/sd/local_run.sh ", d.volume, d.habVolume, sshSocket)}, newBuildEntry()}, {"success with memory limit", "SUCCESS_RUN_BUILD", nil, []string{ "docker pull node:12", - fmt.Sprintf("docker container run -m2GB --rm -v /:/sd/workspace/src/screwdriver.cd/sd-local/local-build -v sd-artifacts/:/test/artifacts -v %s:/opt/sd -v %s:/opt/sd/hab -v %s:/tmp/auth.sock -e SSH_AUTH_SOCK=/tmp/auth.sock node:12 /opt/sd/local_run.sh ", d.volume, d.habVolume, os.Getenv("SSH_AUTH_SOCK"))}, + fmt.Sprintf("docker container run -m2GB --rm -v /:/sd/workspace/src/screwdriver.cd/sd-local/local-build -v sd-artifacts/:/test/artifacts -v %s:/opt/sd -v %s:/opt/sd/hab -v %s -e SSH_AUTH_SOCK=/tmp/auth.sock node:12 /opt/sd/local_run.sh ", d.volume, d.habVolume, sshSocket)}, newBuildEntry(func(b *buildEntry) { b.MemoryLimit = "2GB" })}, 
@@ -210,12 +212,12 @@ func TestRunBuildWithSudo(t *testing.T) { {"success", "SUCCESS_RUN_BUILD_SUDO", nil, []string{ "sudo docker pull node:12", - fmt.Sprintf("sudo docker container run --rm -v /:/sd/workspace/src/screwdriver.cd/sd-local/local-build -v sd-artifacts/:/test/artifacts -v %s:/opt/sd -v %s:/opt/sd/hab -v %s:/tmp/auth.sock -e SSH_AUTH_SOCK=/tmp/auth.sock node:12 /opt/sd/local_run.sh ", d.volume, d.habVolume, os.Getenv("SSH_AUTH_SOCK"))}, + fmt.Sprintf("sudo docker container run --rm -v /:/sd/workspace/src/screwdriver.cd/sd-local/local-build -v sd-artifacts/:/test/artifacts -v %s:/opt/sd -v %s:/opt/sd/hab -v %s -e SSH_AUTH_SOCK=/tmp/auth.sock node:12 /opt/sd/local_run.sh ", d.volume, d.habVolume, sshSocket)}, newBuildEntry()}, {"success with memory limit", "SUCCESS_RUN_BUILD_SUDO", nil, []string{ "sudo docker pull node:12", - fmt.Sprintf("sudo docker container run -m2GB --rm -v /:/sd/workspace/src/screwdriver.cd/sd-local/local-build -v sd-artifacts/:/test/artifacts -v %s:/opt/sd -v %s:/opt/sd/hab -v %s:/tmp/auth.sock -e SSH_AUTH_SOCK=/tmp/auth.sock node:12 /opt/sd/local_run.sh ", d.volume, d.habVolume, os.Getenv("SSH_AUTH_SOCK"))}, + fmt.Sprintf("sudo docker container run -m2GB --rm -v /:/sd/workspace/src/screwdriver.cd/sd-local/local-build -v sd-artifacts/:/test/artifacts -v %s:/opt/sd -v %s:/opt/sd/hab -v %s -e SSH_AUTH_SOCK=/tmp/auth.sock node:12 /opt/sd/local_run.sh ", d.volume, d.habVolume, sshSocket)}, newBuildEntry(func(b *buildEntry) { b.MemoryLimit = "2GB" })}, 
@@ -264,13 +266,13 @@ func TestRunBuildWithInteractiveMode(t *testing.T) { {"success", "SUCCESS_RUN_BUILD_INTERACT", nil, []string{ "sudo docker pull node:12", - fmt.Sprintf("sudo docker container run -itd --rm -v /:/sd/workspace/src/screwdriver.cd/sd-local/local-build -v sd-artifacts/:/test/artifacts -v %s:/opt/sd -v %s:/opt/sd/hab -v %s:/tmp/auth.sock -e SSH_AUTH_SOCK=/tmp/auth.sock node:12 /bin/sh", d.volume, d.habVolume, os.Getenv("SSH_AUTH_SOCK")), + fmt.Sprintf("sudo docker container run -itd --rm -v /:/sd/workspace/src/screwdriver.cd/sd-local/local-build -v sd-artifacts/:/test/artifacts -v %s:/opt/sd -v %s:/opt/sd/hab -v %s -e SSH_AUTH_SOCK=/tmp/auth.sock node:12 /bin/sh", d.volume, d.habVolume, sshSocket), "sudo docker attach "}, newBuildEntry()}, {"success with memory limit", "SUCCESS_RUN_BUILD_INTERACT", nil, []string{ "sudo docker pull node:12", - fmt.Sprintf("sudo docker container run -m2GB -itd --rm -v /:/sd/workspace/src/screwdriver.cd/sd-local/local-build -v sd-artifacts/:/test/artifacts -v %s:/opt/sd -v %s:/opt/sd/hab -v %s:/tmp/auth.sock -e SSH_AUTH_SOCK=/tmp/auth.sock node:12 /bin/sh", d.volume, d.habVolume, os.Getenv("SSH_AUTH_SOCK")), + fmt.Sprintf("sudo docker container run -m2GB -itd --rm -v /:/sd/workspace/src/screwdriver.cd/sd-local/local-build -v sd-artifacts/:/test/artifacts -v %s:/opt/sd -v %s:/opt/sd/hab -v %s -e SSH_AUTH_SOCK=/tmp/auth.sock node:12 /bin/sh", d.volume, d.habVolume, sshSocket), "sudo docker attach SUCCESS_RUN_BUILD_INTERACT"}, newBuildEntry(func(b *buildEntry) { b.MemoryLimit = "2GB"