server: fix setuid/guid
@@ -207,7 +207,7 @@ func (srv *Server) Build() error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
rundir := filepath.Dir(srv.conf.Runpath)
|
rundir := filepath.Dir(srv.conf.Runpath)
|
||||||
srv.logg.Infof("Creating run directory %s", rundir)
|
//srv.logg.Infof("Creating run directory %s", rundir)
|
||||||
err = os.MkdirAll(rundir, 0750)
|
err = os.MkdirAll(rundir, 0750)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
@@ -259,7 +259,6 @@ func (srv *Server) Build() error {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
cert, key := []byte(srv.conf.X509Cert), []byte(srv.conf.X509Key)
|
cert, key := []byte(srv.conf.X509Cert), []byte(srv.conf.X509Key)
|
||||||
addrinfo := fmt.Sprintf("%s:%d", srv.conf.Service.Address, srv.conf.Service.Port)
|
addrinfo := fmt.Sprintf("%s:%d", srv.conf.Service.Address, srv.conf.Service.Port)
|
||||||
listener, err := CreateTLSListener(addrinfo, cert, key)
|
listener, err := CreateTLSListener(addrinfo, cert, key)
|
||||||
@@ -270,15 +269,16 @@ func (srv *Server) Build() error {
|
|||||||
|
|
||||||
if cuid64 == 0 {
|
if cuid64 == 0 {
|
||||||
// Change effective user and group
|
// Change effective user and group
|
||||||
err = syscall.Setuid(euid)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
err = syscall.Setgid(egid)
|
err = syscall.Setgid(egid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
err = syscall.Setuid(euid)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
//return fmt.Errorf("Debug break")
|
||||||
|
|
||||||
uidstr := strconv.FormatInt(int64(syscall.Geteuid()), 10)
|
uidstr := strconv.FormatInt(int64(syscall.Geteuid()), 10)
|
||||||
usr, err := user.LookupId(uidstr)
|
usr, err := user.LookupId(uidstr)
|
||||||
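Review bot: The privilege drop in the `cuid64 == 0` branch never clears root's supplementary groups, so after `Setgid`/`Setuid` the process still holds whatever group memberships it was started with. Add `if err = syscall.Setgroups([]int{egid}); err != nil { return err }` before `syscall.Setgid(egid)`; the new Setgid-then-Setuid order is correct and should stay. It would also help to compare `syscall.Geteuid()` and `syscall.Getegid()` with `euid`/`egid` after the drop and return an error on mismatch, so a silent failure cannot leave the server running as root. The commented-out `Infof` call and the `//return fmt.Errorf("Debug break")` line look like debugging leftovers and should be deleted rather than committed. `Build` starts and ends outside these hunks, so how `euid`/`egid` are derived is not visible here.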
|
|||||||
@@ -26,12 +26,12 @@ spec:
|
|||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: config-volume
|
- name: config-volume
|
||||||
mountPath: /app/etc/mstore
|
mountPath: /app/etc/mstore
|
||||||
- name: db-volume
|
# - name: db-volume
|
||||||
mountPath: /var/lib
|
# mountPath: /var/lib
|
||||||
volumes:
|
volumes:
|
||||||
- name: config-volume
|
- name: config-volume
|
||||||
configMap:
|
configMap:
|
||||||
name: mstored-config
|
name: mstored-config
|
||||||
- name: db-volume
|
# - name: db-volume
|
||||||
persistentVolumeClaim:
|
# persistentVolumeClaim:
|
||||||
claimName: mstore-data
|
# claimName: mstore-data
|
||||||
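Review bot: Commenting out the `db-volume` mount and its `persistentVolumeClaim` leaves `/var/lib` on the container's writable layer, so anything the server stores there would be lost when the pod is recreated (assuming that is where the service keeps its data, which this page does not show). The change looks unrelated to the setuid/setgid fix named in the commit subject; if it was only a local test setting it should not ship. If the volume was disabled because the unprivileged user could not write to it, a pod-level `securityContext` with `fsGroup` matching the service group is the usual fix. If the volume is really going away, delete the lines instead of leaving them commented out.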
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
main:
|
main:
|
||||||
image:
|
image:
|
||||||
path: hub.unix7.org/mstore
|
path: t14x.unix7.org/mstore
|
||||||
name: "@PACKAGE_NAME@"
|
name: "@PACKAGE_NAME@"
|
||||||
tag: "@PACKAGE_VERSION@"
|
tag: "@PACKAGE_VERSION@"
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: Always
|
||||||
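Review bot: The image `path` changes from `hub.unix7.org/mstore` to `t14x.unix7.org/mstore`, which reads like a developer machine rather than the shared registry (inferred from the host name only). With `imagePullPolicy: Always` and a tag rather than a digest, every pod start pulls whatever that host serves under the tag, so the registry should be one with controlled push access. If this was a test override, keep `path: hub.unix7.org/mstore` in the committed values and override it locally.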
|
|||||||