From cf40142578bde70e3bb27c5619541c51930d7433 Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Tue, 20 Jun 2023 18:20:30 -0400 Subject: [PATCH 01/25] mapping in background --- .github/workflows/test.yaml | 1 + setup.sh | 2 ++ try | 23 ++++++++++++++++++++++- 3 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 setup.sh diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 7e618446..6d0602a4 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -31,6 +31,7 @@ jobs: uname -a sudo apt-get update sudo apt-get install strace + bash ./test.sh bash ./test/run_tests.sh # get the timer timer=$(LANG=en_us_88591; date) diff --git a/setup.sh b/setup.sh new file mode 100644 index 00000000..1bfc65e3 --- /dev/null +++ b/setup.sh @@ -0,0 +1,2 @@ +wget https://github.com/ericzty/gidmapper/releases/download/0.0.3/gidmapper +sudo setcap 'CAP_SETGID=ep' gidmapper diff --git a/try b/try index 1609ea15..066ae10e 100755 --- a/try +++ b/try @@ -1,4 +1,5 @@ #!/bin/sh +set -x # exit status invariants # @@ -6,6 +7,17 @@ # 1 -- consistency error/failure # 2 -- input error +################################################################################ +# Change uid/gid mapping +################################################################################ + +mapper() { + nc -l localhost 8887 > /dev/null + pid=$(ps | grep unshare | awk '{print $1;}') + ./gidmapper $pid 0 $(id -u) 1 0 $(id -g) 65535 + echo a | nc localhost -q0 8888 +} + ################################################################################ # Run a command in an overlay ################################################################################ @@ -33,6 +45,13 @@ try() { cat >"$mount_and_execute" <<"EOF" #!/bin/sh +# start gid mapping +echo a | nc localhost -q0 8887 + +# Wait for gid to be mapped +nc -l localhost 8888 > /dev/null + + # actually mount the overlays for top_dir in $(ls /) do 
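Review bot: The new setup.sh grants `CAP_SETGID=ep` to a binary fetched from a release URL with no integrity check, so whatever that URL serves at install time becomes a capability-bearing helper on the machine. Pin the expected digest and verify it between the download and the `setcap`, for example `echo '<EXPECTED_SHA256>  gidmapper' | sha256sum -c - || exit 1` (placeholder digest, to be filled in from the reviewed release). The later setup.sh hunks in PATCH 03, 21 and 23 keep the same unverified download. Because a file capability is available to every local user who can execute the binary, the helper's own argument checks (not visible here) deserve a review as well.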
@@ -71,7 +90,9 @@ EOF # --pid: create a new process namespace (needed fr procfs to work right) # --fork: necessary if we do --pid # "Creation of a persistent PID namespace will fail if the --fork option is not also specified." - unshare --mount --map-root-user --user --pid --fork "$mount_and_execute" + + mapper& + unshare --mount --user --pid --fork "$mount_and_execute" ################################################################################ # commit? From 7fd823b34acd2de3520e568b77bb7769f3665c37 Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Tue, 20 Jun 2023 18:22:44 -0400 Subject: [PATCH 02/25] fix ci --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 6d0602a4..8aa51742 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -31,7 +31,7 @@ jobs: uname -a sudo apt-get update sudo apt-get install strace - bash ./test.sh + bash ./setup.sh bash ./test/run_tests.sh # get the timer timer=$(LANG=en_us_88591; date) From 766bc5ad6e653ce9f0f993bca5366e84a3cd586f Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Tue, 20 Jun 2023 18:24:05 -0400 Subject: [PATCH 03/25] set +x on gidmapper --- setup.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.sh b/setup.sh index 1bfc65e3..8960832d 100644 --- a/setup.sh +++ b/setup.sh @@ -1,2 +1,3 @@ wget https://github.com/ericzty/gidmapper/releases/download/0.0.3/gidmapper +chmod +x gidmapper sudo setcap 'CAP_SETGID=ep' gidmapper From c0d4f0fa628750f1dd3b9c52c7ca6ca040762ae5 Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Tue, 20 Jun 2023 18:29:08 -0400 Subject: [PATCH 04/25] remove ci hack --- .github/workflows/test.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 8aa51742..f2b0fedc 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
@@ -25,9 +25,6 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: Running Correctness Tests run: | - cd .. - cp -r try ~ - cd ~/try uname -a sudo apt-get update sudo apt-get install strace From ff8392e6a38619dc88683773ca7571f41e124267 Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Tue, 20 Jun 2023 18:31:21 -0400 Subject: [PATCH 05/25] map all groups one to one --- try | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/try b/try index 066ae10e..7844f14d 100755 --- a/try +++ b/try @@ -14,7 +14,7 @@ set -x mapper() { nc -l localhost 8887 > /dev/null pid=$(ps | grep unshare | awk '{print $1;}') - ./gidmapper $pid 0 $(id -u) 1 0 $(id -g) 65535 + ./gidmapper $pid 0 $(id -u) 1 0 0 65535 echo a | nc localhost -q0 8888 } From ca6b11eb18efc92ad2b4ef3d21aca6e4bd66cbfb Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Tue, 20 Jun 2023 18:32:11 -0400 Subject: [PATCH 06/25] fix ci --- .github/workflows/test.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index f2b0fedc..1a3604ef 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -56,7 +56,6 @@ jobs: # body: body, # }) - name: Exit Code - working-directory: /home/runner/try/test run: | # check if everything executed without errors bash exit_code.sh From 54fc3750a513b90a492ddba338b20ddac4e00e31 Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Tue, 20 Jun 2023 18:33:00 -0400 Subject: [PATCH 07/25] fix ci --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 1a3604ef..d338cf7a 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -58,4 +58,4 @@ jobs: - name: Exit Code run: | # check if everything executed without errors - bash exit_code.sh + bash test/exit_code.sh From 3d033f04d911628e46b8ac513254eec06e8cdce1 Mon Sep 17 00:00:00 2001 
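Review bot: The group range `0 0 65535` maps every host GID, including GID 0, one-to-one into the sandbox's user namespace, which is far wider than the previous `0 $(id -g) 1`. A process holding CAP_SETGID inside that namespace can presumably switch to any mapped host group, so files that are only group-accessible to privileged groups are no longer shielded from the command run under `try`. Consider mapping only the caller's own groups (the values reported by `id -G`), or add a comment explaining why the full range is required. The same range is kept in both branches added by PATCH 16 and in the PATCH 21 and 23 hunks.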
From: Eric Zhu Date: Tue, 20 Jun 2023 19:02:52 -0400 Subject: [PATCH 08/25] use random port instead of pregenerated --- try | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/try b/try index 7844f14d..73387ee7 100755 --- a/try +++ b/try @@ -7,17 +7,6 @@ set -x # 1 -- consistency error/failure # 2 -- input error -################################################################################ -# Change uid/gid mapping -################################################################################ - -mapper() { - nc -l localhost 8887 > /dev/null - pid=$(ps | grep unshare | awk '{print $1;}') - ./gidmapper $pid 0 $(id -u) 1 0 0 65535 - echo a | nc localhost -q0 8888 -} - ################################################################################ # Run a command in an overlay ################################################################################ @@ -46,10 +35,10 @@ try() { #!/bin/sh # start gid mapping -echo a | nc localhost -q0 8887 +echo a | nc localhost -q0 "$port1" # Wait for gid to be mapped -nc -l localhost 8888 > /dev/null +nc -l localhost "$port2" > /dev/null # actually mount the overlays @@ -91,6 +80,10 @@ EOF # --fork: necessary if we do --pid # "Creation of a persistent PID namespace will fail if the --fork option is not also specified." + freeports="$(shuf -n 2 -i 49152-65535)" + export port1="$(echo $freeports | tr ' ' '\n' | head -1)" + export port2="$(echo $freeports | tr ' ' '\n' | tail -1)" + mapper& unshare --mount --user --pid --fork "$mount_and_execute" 
@@ -199,6 +192,17 @@ $changed_files EOF } +################################################################################ +# Change uid/gid mapping +################################################################################ + +mapper() { + nc -l localhost "$port1" > /dev/null + pid=$(ps | grep unshare | awk '{print $1;}') + ./gidmapper $pid 0 $(id -u) 1 0 0 65535 + echo a | nc localhost -q0 "$port2" +} + ## Defines which changes we want to ignore in the summary and commit ## TODO: Make this be parametrizable, through a file for example @@ -206,7 +210,6 @@ ignore_changes() { grep -v -e .rkr -e Rikerfile } - ################################################################################ # Argument parsing ################################################################################ From c25d5250cda0c3b3b94a0849678ac547c829b699 Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Tue, 20 Jun 2023 19:10:33 -0400 Subject: [PATCH 09/25] remove set -x --- try | 1 - 1 file changed, 1 deletion(-) diff --git a/try b/try index 73387ee7..37f0f5d6 100755 --- a/try +++ b/try @@ -1,5 +1,4 @@ #!/bin/sh -set -x # exit status invariants # From 149b704b5ce009cffe57c09a2c8ab04a5691e27e Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Wed, 21 Jun 2023 10:28:49 -0400 Subject: [PATCH 10/25] add gidmapper to gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..a0d96dae --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +gidmapper From cc113f3652ea2603e85571220934a601a893fc69 Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Wed, 21 Jun 2023 15:00:04 -0400 Subject: [PATCH 11/25] use domain socket instead of tcp --- try | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/try b/try index 37f0f5d6..bad4aa80 100755 --- a/try +++ b/try 
@@ -34,10 +34,10 @@ try() { #!/bin/sh # start gid mapping -echo a | nc localhost -q0 "$port1" +echo a | nc -Uq0 "$socket1" # Wait for gid to be mapped -nc -l localhost "$port2" > /dev/null +nc -lU "$socket2" > /dev/null # actually mount the overlays @@ -79,9 +79,8 @@ EOF # --fork: necessary if we do --pid # "Creation of a persistent PID namespace will fail if the --fork option is not also specified." - freeports="$(shuf -n 2 -i 49152-65535)" - export port1="$(echo $freeports | tr ' ' '\n' | head -1)" - export port2="$(echo $freeports | tr ' ' '\n' | tail -1)" + export socket1="$(mktemp -u)" + export socket2="$(mktemp -u)" mapper& unshare --mount --user --pid --fork "$mount_and_execute" @@ -196,10 +195,10 @@ EOF ################################################################################ mapper() { - nc -l localhost "$port1" > /dev/null + nc -Ul "$socket1" > /dev/null pid=$(ps | grep unshare | awk '{print $1;}') ./gidmapper $pid 0 $(id -u) 1 0 0 65535 - echo a | nc localhost -q0 "$port2" + echo a | nc -Uq0 "$socket2" } From 63ce15e593a5422c8bf2f69e5c8d2ff4e424e07c Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Wed, 21 Jun 2023 16:21:38 -0400 Subject: [PATCH 12/25] use pgrep to get pid of unshare --- try | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/try b/try index bad4aa80..ff2273fb 100755 --- a/try +++ b/try @@ -195,9 +195,13 @@ EOF ################################################################################ mapper() { + # Wait for unshare process to start nc -Ul "$socket1" > /dev/null - pid=$(ps | grep unshare | awk '{print $1;}') + # Get the pid of the unshare process with current pid as parent + pid=$(pgrep -P $$ -f unshare) + # Map root user to current user, and all groups ./gidmapper $pid 0 $(id -u) 1 0 0 65535 + # Notify the unshare process that we have finished echo a | nc -Uq0 "$socket2" } From 6cd08df8de8b00a710b27b49cce82928e015a3c0 Mon Sep 17 00:00:00 2001 
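Review bot: `pgrep -P $$ -f unshare` matches against full command lines, so it can return several PIDs or none, for instance when the command given to try itself contains the word, since the backgrounded mapper inherits the script's command line. The unquoted `$pid` then word-splits into shifted arguments for the capability-bearing gidmapper. Match the process name instead with `pid=$(pgrep -P "$$" -x unshare)` and reject anything that is not a single number before the call, e.g. `case $pid in ''|*[!0-9]*) echo "try: cannot identify unshare process" >&2; return 1;; esac`. Any failure path also has to release the side blocked in `nc -lU "$socket2"`, otherwise the sandbox script hangs.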
From: Eric Zhu Date: Wed, 21 Jun 2023 17:03:47 -0400 Subject: [PATCH 13/25] add comments for the nc commands --- try | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/try b/try index ff2273fb..60a8d60a 100755 --- a/try +++ b/try @@ -34,9 +34,13 @@ try() { #!/bin/sh # start gid mapping +# -U: use unix domain socket +# -q0: don't wait after EOF on stdin echo a | nc -Uq0 "$socket1" # Wait for gid to be mapped +# -l: listen +# -U: use unix socket nc -lU "$socket2" > /dev/null @@ -196,12 +200,16 @@ EOF mapper() { # Wait for unshare process to start + # -U: use unix domain socket + # -l: listen nc -Ul "$socket1" > /dev/null # Get the pid of the unshare process with current pid as parent pid=$(pgrep -P $$ -f unshare) # Map root user to current user, and all groups ./gidmapper $pid 0 $(id -u) 1 0 0 65535 # Notify the unshare process that we have finished + # -U: use unix domain socket + # -q0: don't wait after EOF echo a | nc -Uq0 "$socket2" } From 87dde54c0275045f111dac5ca905ca5ad5ad15fb Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Wed, 21 Jun 2023 17:04:05 -0400 Subject: [PATCH 14/25] add a wait after mapper --- try | 1 + 1 file changed, 1 insertion(+) diff --git a/try b/try index 60a8d60a..2b2d206a 100755 --- a/try +++ b/try @@ -88,6 +88,7 @@ EOF mapper& unshare --mount --user --pid --fork "$mount_and_execute" + wait ################################################################################ # commit? From ca01305cf60565a1a75862e39397f636de14d85d Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Wed, 21 Jun 2023 17:36:52 -0400 Subject: [PATCH 15/25] update readme --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index bd826a1d..e556cd31 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,8 @@ We're setting out to change that. ### Dependencies +Requires `netcat-openbsd` and `procps`. + Has been tested on the following distributions: * `Ubuntu 20.04 LTS` or later * `Debian 12` 
@@ -32,6 +34,8 @@ You only need the [`try` script](https://raw.githubusercontent.com/binpash/try/m $ git clone https://github.com/binpash/try.git ``` +You would also want to install the `gidmapper`, simply run `sh setup.sh`. + ## Example Usage `try` is a higher-order command, like `xargs`, `exec`, `nohup`, or `find`. For example, to ungzip file, you can invoke `try` as follows: From 5cea67599c7d0e976e70271e4ed6bc174c79e94b Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Wed, 21 Jun 2023 23:29:24 -0400 Subject: [PATCH 16/25] map all user if running as root --- try | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/try b/try index d87f35d6..52a2ea68 100755 --- a/try +++ b/try @@ -213,8 +213,17 @@ mapper() { nc -Ul "$socket1" > /dev/null # Get the pid of the unshare process with current pid as parent pid=$(pgrep -P $$ -f unshare) + # Map root user to current user, and all groups - ./gidmapper $pid 0 $(id -u) 1 0 0 65535 + if [ "$(id -u)" = 0 ] + then + # If we're running as root, we can map all the users + ./gidmapper $pid 0 0 65535 0 0 65535 + else + # If not running as root, we can only mount the caller user + ./gidmapper $pid 0 $(id -u) 1 0 0 65535 + fi + # Notify the unshare process that we have finished # -U: use unix domain socket # -q0: don't wait after EOF From 61d1e04e0bc0df624fbc0327d302e090af64efd7 Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Thu, 22 Jun 2023 00:35:42 -0400 Subject: [PATCH 17/25] un-dryrun mktemp, safer --- try | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/try b/try index 52a2ea68..67b4e075 100755 --- a/try +++ b/try @@ -90,8 +90,8 @@ EOF # --fork: necessary if we do --pid # "Creation of a persistent PID namespace will fail if the --fork option is not also specified." - export socket1="$(mktemp -u)" - export socket2="$(mktemp -u)" + export socket1="$(mktemp)" + export socket2="$(mktemp)" mapper& unshare --mount --user --pid --fork "$mount_and_execute" 
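Review bot: Neither gidmapper call in the new if/else has its exit status checked, and as far as the earlier mapper hunks show, the notification on `$socket2` after the `fi` is sent either way, so the sandbox side continues even when no mapping was written. Report the failure at least, e.g. by appending `|| echo "try: gidmapper failed" >&2` to each call, and decide explicitly whether the sandbox may proceed unmapped. The comment in the else branch should say "map" rather than "mount": `# If not running as root, we can only map the calling user`. mapper's body starts above the hunk and ends below it.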
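Review bot: Plain `mktemp` creates a regular file at each path, and binding a Unix socket to a path that already exists normally fails with "Address already in use", so the `nc -Ul "$socket1"` listener may never come up; this needs checking against netcat-openbsd. The names also sit directly in the shared temp directory, where the permission to connect depends on the umask at bind time. A private directory holding both sockets avoids both problems: `sockdir=$(mktemp -d) || exit 1` followed by `socket1="$sockdir/start" socket2="$sockdir/done"; export socket1 socket2`. Assigning before `export` also keeps a mktemp failure from being masked by export's own exit status. The enclosing try() function starts and ends outside the hunk.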
From 8eeca5f6f34efddb13f74d0309f7311fabb921b9 Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Thu, 22 Jun 2023 01:07:27 -0400 Subject: [PATCH 18/25] rerun nc if fail --- try | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/try b/try index 67b4e075..88e7ef1a 100755 --- a/try +++ b/try @@ -37,7 +37,7 @@ try() { # start gid mapping # -U: use unix domain socket # -q0: don't wait after EOF on stdin -echo a | nc -Uq0 "$socket1" +while ! echo a | nc -Uq0 "$socket1" 2> /dev/null; do sleep 0.25 ; done # Wait for gid to be mapped # -l: listen From 56d22ffd1a9543c9f196fee6e146645b8a7ea14f Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Thu, 22 Jun 2023 01:08:14 -0400 Subject: [PATCH 19/25] add documentation --- try | 1 + 1 file changed, 1 insertion(+) diff --git a/try b/try index 88e7ef1a..b9eb894c 100755 --- a/try +++ b/try @@ -37,6 +37,7 @@ try() { # start gid mapping # -U: use unix domain socket # -q0: don't wait after EOF on stdin +# Sometimes this will run first before the other nc starts listening, so we will retry while ! echo a | nc -Uq0 "$socket1" 2> /dev/null; do sleep 0.25 ; done # Wait for gid to be mapped From 5bb2dbee4f6dce243d49284ffa15d40c7c70872a Mon Sep 17 00:00:00 2001 From: Neeraj Kashyap Date: Sat, 24 Jun 2023 15:21:06 -0700 Subject: [PATCH 20/25] Fixed type in README `s/changhes/changes/` --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e556cd31..574bf4b0 100644 --- a/README.md +++ b/README.md @@ -156,7 +156,7 @@ total 8 -rw------- 1 gliargovas gliargovas 6966 Jun 21 00:38 f40e360665950eda8309f6341a788c506584b57c23789004ba8305aa ``` -You can inspect the changhes made inside a given overlay directory using *try*: +You can inspect the changes made inside a given overlay directory using *try*: ```ShellSession $ try summary pip_try_sandbox From 7308bf79c42e0029983dc01d6029dda99e765e1c Mon Sep 17 00:00:00 2001 
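Review bot: The retry loop has no upper bound and discards nc's stderr, so if the listener on `$socket1` never starts (mapper failed, nc missing, wrong path) the sandbox script spins silently forever. Bound the number of attempts and print a diagnostic before giving up. `sleep 0.25` also deserves a comment, since a fractional argument is an extension that not every `sleep` reachable from `#!/bin/sh` accepts. The generated script continues below the hunk.

```shell
# … unchanged: comments describing -U and -q0 …
attempts=0
until echo a | nc -Uq0 "$socket1" 2>/dev/null
do
    attempts=$((attempts + 1))
    if [ "$attempts" -ge 40 ]
    then
        echo "try: mapper never started listening on $socket1" >&2
        exit 1
    fi
    sleep 0.25
done
```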
From: Eric Zhu Date: Mon, 24 Jul 2023 01:47:15 -0400 Subject: [PATCH 21/25] add setup.sh to testing, fix shellcheck err for try --- .github/workflows/test.yaml | 2 +- Vagrantfile | 5 +++++ setup.sh | 2 ++ try | 4 ++-- 4 files changed, 10 insertions(+), 3 deletions(-) mode change 100644 => 100755 setup.sh diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index bfe067b8..7df01ce3 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -27,7 +27,7 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: Run tests - run: scripts/run_tests.sh + run: setup.sh && scripts/run_tests.sh - name: Upload script uses: actions/upload-artifact@v2 diff --git a/Vagrantfile b/Vagrantfile index fcf46c04..74f815fb 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -14,6 +14,7 @@ Vagrant.configure("2") do |config| sudo apt-get install -y git expect sudo chown -R vagrant:vagrant try cd try + ./setup.sh scripts/run_tests.sh " end @@ -27,6 +28,7 @@ Vagrant.configure("2") do |config| sudo apt-get install -y curl sudo chown -R vagrant:vagrant try cd try + ./setup.sh mkdir rustup ./try -D rustup \"curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y\" ls -lah rustup/upperdir/home/vagrant/.cargo/bin @@ -65,6 +67,7 @@ Vagrant.configure("2") do |config| sudo chown -R vagrant:vagrant /mnt/lv0/try cd /mnt/lv0/try + ./setup.sh scripts/run_tests.sh " end @@ -77,6 +80,7 @@ Vagrant.configure("2") do |config| sudo yum install -y git expect sudo chown -R vagrant:vagrant try cd try + ./setup.sh TRY_TOP=$(pwd) scripts/run_tests.sh " end @@ -89,6 +93,7 @@ Vagrant.configure("2") do |config| sudo yum install -y git expect sudo chown -R vagrant:vagrant try cd try + ./setup.sh TRY_TOP=$(pwd) scripts/run_tests.sh " end diff --git a/setup.sh b/setup.sh old mode 100644 new mode 100755 index 8960832d..3dbd7913 --- a/setup.sh +++ b/setup.sh 
@@ -1,3 +1,5 @@ +#!/bin/sh + wget https://github.com/ericzty/gidmapper/releases/download/0.0.3/gidmapper chmod +x gidmapper sudo setcap 'CAP_SETGID=ep' gidmapper diff --git a/try b/try index 8b8b5dab..52c1f8e3 100755 --- a/try +++ b/try @@ -506,10 +506,10 @@ mapper() { if [ "$(id -u)" = 0 ] then # If we're running as root, we can map all the users - ./gidmapper $pid 0 0 65535 0 0 65535 + ./gidmapper "$pid" 0 0 65535 0 0 65535 else # If not running as root, we can only mount the caller user - ./gidmapper $pid 0 $(id -u) 1 0 0 65535 + ./gidmapper "$pid" 0 "$(id -u)" 1 0 0 65535 fi # Notify the unshare process that we have finished From 1e83f4e5ced94a4faf850f9771d125d4eeac1973 Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Mon, 24 Jul 2023 01:54:06 -0400 Subject: [PATCH 22/25] fix ci --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 7df01ce3..9bfb4e14 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -27,7 +27,7 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: Run tests - run: setup.sh && scripts/run_tests.sh + run: ./setup.sh && scripts/run_tests.sh - name: Upload script uses: actions/upload-artifact@v2 From b0af1cc14974cf5ced87257f1ccc7081796b060d Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Mon, 24 Jul 2023 02:01:26 -0400 Subject: [PATCH 23/25] refactor how gidmapper is used --- .github/workflows/test.yaml | 4 +++- Vagrantfile | 10 +++++----- setup.sh | 6 +++--- try | 4 ++-- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 9bfb4e14..b1d29e70 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
@@ -27,7 +27,9 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: Run tests - run: ./setup.sh && scripts/run_tests.sh + run: | + sudo ./setup.sh + scripts/run_tests.sh - name: Upload script uses: actions/upload-artifact@v2 diff --git a/Vagrantfile b/Vagrantfile index 74f815fb..bc376810 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -14,7 +14,7 @@ Vagrant.configure("2") do |config| sudo apt-get install -y git expect sudo chown -R vagrant:vagrant try cd try - ./setup.sh + sudo ./setup.sh scripts/run_tests.sh " end @@ -28,7 +28,7 @@ Vagrant.configure("2") do |config| sudo apt-get install -y curl sudo chown -R vagrant:vagrant try cd try - ./setup.sh + sudo ./setup.sh mkdir rustup ./try -D rustup \"curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y\" ls -lah rustup/upperdir/home/vagrant/.cargo/bin @@ -67,7 +67,7 @@ Vagrant.configure("2") do |config| sudo chown -R vagrant:vagrant /mnt/lv0/try cd /mnt/lv0/try - ./setup.sh + sudo ./setup.sh scripts/run_tests.sh " end @@ -80,7 +80,7 @@ Vagrant.configure("2") do |config| sudo yum install -y git expect sudo chown -R vagrant:vagrant try cd try - ./setup.sh + sudo ./setup.sh TRY_TOP=$(pwd) scripts/run_tests.sh " end @@ -93,7 +93,7 @@ Vagrant.configure("2") do |config| sudo yum install -y git expect sudo chown -R vagrant:vagrant try cd try - ./setup.sh + sudo ./setup.sh TRY_TOP=$(pwd) scripts/run_tests.sh " end diff --git a/setup.sh b/setup.sh index 3dbd7913..5777fdf3 100755 --- a/setup.sh +++ b/setup.sh @@ -1,5 +1,5 @@ #!/bin/sh -wget https://github.com/ericzty/gidmapper/releases/download/0.0.3/gidmapper -chmod +x gidmapper -sudo setcap 'CAP_SETGID=ep' gidmapper +wget https://github.com/ericzty/gidmapper/releases/download/0.0.3/gidmapper -O /usr/local/bin/gidmapper +chmod +x /usr/local/bin/gidmapper +setcap 'CAP_SETGID=ep' /usr/local/bin/gidmapper diff --git a/try b/try index 52c1f8e3..45b19568 100755 --- a/try +++ b/try 
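Review bot: setup.sh now runs as root with no error handling: `wget -O /usr/local/bin/gidmapper` creates or truncates the target even when the download fails, and `chmod` and `setcap` then run on whatever is left there. Add `set -eu`, download to a temporary file, and install it only after the download and a digest check have succeeded. The README line added in PATCH 15 still says `sh setup.sh`, which no longer works without root, and it should mention that the helper is installed system-wide with CAP_SETGID.

```shell
#!/bin/sh
set -eu

tmp="$(mktemp)"
trap 'rm -f "$tmp"' EXIT
wget https://github.com/ericzty/gidmapper/releases/download/0.0.3/gidmapper -O "$tmp"
# verify "$tmp" against a pinned digest here, before it is installed
install -m 0755 "$tmp" /usr/local/bin/gidmapper
setcap 'CAP_SETGID=ep' /usr/local/bin/gidmapper
```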
@@ -506,10 +506,10 @@ mapper() { if [ "$(id -u)" = 0 ] then # If we're running as root, we can map all the users - ./gidmapper "$pid" 0 0 65535 0 0 65535 + gidmapper "$pid" 0 0 65535 0 0 65535 else # If not running as root, we can only mount the caller user - ./gidmapper "$pid" 0 "$(id -u)" 1 0 0 65535 + gidmapper "$pid" 0 "$(id -u)" 1 0 0 65535 fi # Notify the unshare process that we have finished From 8b1bc67b968ea8e38da9cac469f3c4af40368e67 Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Mon, 24 Jul 2023 02:08:34 -0400 Subject: [PATCH 24/25] run mapper& in subshell to supress jobcontrol msg --- try | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/try b/try index 45b19568..9baf2b98 100755 --- a/try +++ b/try @@ -245,7 +245,8 @@ EOF export socket1 export socket2 - mapper& + # Running mapper in a subshell to suppress job control [1] + Done message + (mapper&) # --mount: mounting and unmounting filesystems will not affect the rest of the system outside the unshare # --user: the process will have a distinct set of UIDs, GIDs and capabilities. From ba2ebf8dd60196d9de9ebbf90af7e7b83f5637e7 Mon Sep 17 00:00:00 2001 From: Eric Zhu Date: Mon, 24 Jul 2023 02:08:58 -0400 Subject: [PATCH 25/25] vagrant run on future branch --- .github/workflows/vagrant.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/vagrant.yaml b/.github/workflows/vagrant.yaml index 08321aac..b02d7cc3 100644 --- a/.github/workflows/vagrant.yaml +++ b/.github/workflows/vagrant.yaml @@ -4,6 +4,7 @@ on: push: branches: - main + - future pull_request: jobs:
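Review bot: Both calls now resolve `gidmapper` through PATH, so which binary runs depends on the caller's environment, including in the branch taken when try runs as root. Since setup.sh installs to a fixed location, call it by absolute path, e.g. `/usr/local/bin/gidmapper "$pid" 0 0 65535 0 0 65535`, or define that path once in a variable near the top of the script. mapper's body starts above the hunk and ends below it.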
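Review bot: Wrapping the call as `(mapper&)` detaches mapper from this shell, so the `wait` that PATCH 14 added after unshare (if it is still present) no longer covers it and its exit status cannot be observed. If unshare fails before the generated script connects to `$socket1`, the detached mapper presumably stays blocked in `nc -Ul` with nothing left to stop it. Keeping it as a direct child with `mapper & mapper_pid=$!` would let the script kill or wait for it once unshare returns. At minimum extend the comment: `# NOTE: mapper is no longer a child of this shell; wait will not reap it`. The enclosing function starts and ends outside the hunk.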