Unroot all the things#81

Merged: theyoyojo merged 2 commits into master from unroot, Apr 4, 2024
@charliemirabile charliemirabile commented Apr 3, 2024

It's official, we have gone fully rootless. (Technically, the master process of nginx spawns as root and only the workers drop their privs and run as nginx:nginx, but it is good to keep it this way because the alternative makes the bind mount for socks more tricky.)

Needed to update the default orbit db binary blob to reflect
the new perms. So that it is clear I am not pulling a Jia Tan,
you can use these commands to verify that the only difference
is the owner/timestamp metadata within the tar and that the
db file is unchanged:

$ git show HEAD^:test.sh | sed -n '80,116p' | xxd -r | tar -ztv
-rw-r--r-- 0/0           36864 2024-04-01 17:03 orbit.db
$ git show  HEAD:test.sh | sed -n '80,116p' | xxd -r | tar -ztv
-rw-r--r-- 100/100       36864 2024-04-03 13:11 orbit.db
$ diff -s <(git show HEAD^:test.sh | sed -n '80,116p' | xxd -r | tar -zxO orbit.db) \
          <(git show  HEAD:test.sh | sed -n '80,116p' | xxd -r | tar -zxO orbit.db)
Files /dev/fd/63 and /dev/fd/62 are identical

It was unfortunately necessary to change the copy command in
smtp/Containerfile to copy the whole mnt directory instead of the
subdirectory because of a bug in podman where the actual directory
that is copied does not preserve its user/group information and is
always reset to root:root. The contents keep their permission changes
however, so it is fine to just copy all of /mnt (which should be owned
by root:root in the final image anyways) so that the email_data folder
and its contents are all preserved. There is nothing in /mnt besides
email_data so this really has no impact on security or the final image
size etc.
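
Added example (not part of the original PR or the project's code): a Python version of the check in the commit message above, generalised to every member and header field of the two archives, reporting anything that changed other than owner and timestamp. It assumes the two `.tar.gz` blobs are already available as bytes (for instance from the `git show ... | xxd -r` pipeline); the function names and the sample archives are constructed for illustration.

```python
import hashlib
import io
import tarfile

# Metadata allowed to change between the two blobs (owner and timestamp only).
ALLOWED = {"uid", "gid", "uname", "gname", "mtime"}
# Every header field compared; a change outside ALLOWED is a finding.
FIELDS = ("mode", "type", "size", "linkname", "uid", "gid", "uname", "gname", "mtime")


def members(blob):
    """Map member name -> (header fields, sha256 of content) for a .tar.gz blob."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for m in tar:  # read headers and data only, never extract to disk
            data = tar.extractfile(m).read() if m.isfile() else b""
            out[m.name] = ({f: getattr(m, f) for f in FIELDS},
                           hashlib.sha256(data).hexdigest())
    return out


def unexpected_changes(old_blob, new_blob):
    """Return findings; an empty list means only owner/timestamp metadata differ."""
    old, new = members(old_blob), members(new_blob)
    findings = [f"{n}: member added or removed" for n in sorted(old.keys() ^ new.keys())]
    for name in sorted(old.keys() & new.keys()):
        (ometa, ohash), (nmeta, nhash) = old[name], new[name]
        if ohash != nhash:
            findings.append(f"{name}: content differs")
        for f in FIELDS:
            if ometa[f] != nmeta[f] and f not in ALLOWED:
                findings.append(f"{name}: {f} {ometa[f]!r} -> {nmeta[f]!r}")
    return findings


def make_blob(data, uid, mtime, mode=0o644):
    """Build a constructed one-member .tar.gz in memory (sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("orbit.db")
        info.size, info.uid, info.gid, info.mtime, info.mode = len(data), uid, uid, mtime, mode
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    before = make_blob(b"constructed db bytes", 0, 1711990980)
    after = make_blob(b"constructed db bytes", 100, 1712149860)
    print(unexpected_changes(before, after) or "only owner/timestamp metadata differ")
```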

@theyoyojo theyoyojo left a comment

Tests fail as follows:

...
Traceback (most recent call last):
  File "/orbit/hyperspace.py", line 203, in <module>
    hyperspace_main(sys.argv[1:])
  File "/orbit/hyperspace.py", line 197, in hyperspace_main
    args.do(args)
  File "/orbit/hyperspace.py", line 121, in do_newuser
    db.usr_ins((args.username, do_bcrypt_hash(args, get=True),
  File "/orbit/db.py", line 98, in usr_ins
    def usr_ins(usr): return _set(USR_INS, usr)
                             ^^^^^^^^^^^^^^^^^^
  File "/orbit/db.py", line 31, in _set
    def _set(cmd, reps=()): return _do(cmd, reps, set_=True, get_=True)
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/orbit/db.py", line 17, in _do
    ret = new.execute(cmd, reps)
          ^^^^^^^^^^^^^^^^^^^^^^
sqlite3.OperationalError: attempt to write a readonly database
...

Something funky going on with the blob?

@charliemirabile

Perhaps you need to purge your volumes? The tests pass for me.

@theyoyojo

After purging volumes, tests now pass.

@theyoyojo theyoyojo merged commit ad38dd7 into master Apr 4, 2024
@theyoyojo theyoyojo deleted the unroot branch April 4, 2024 01:19