Fix runc root not having enough priveleges

crafttalk · Jun 7, 2021 · 1610a39 · 1610a39
1 parent 3176999
commit 1610a39
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -97,12 +97,13 @@ ctcli list-releases
 ## Root Directory File Structure
 
 ```
-/releases - Previous releases and etc.
-/config - Services' configs
-/current-release - Current installation
-/logs - Logs
-/data - app persistent data
-/tmp - Temporary directory
+/releases           - Previous releases and etc.
+/config             - Services' configs
+/current-release    - Current installation
+/logs               - Logs
+/data               - app persistent data
+/runc-root          - runc containers root dir 
+/tmp                - Temporary directory
 ```
 
 ## Package structure

diff --git a/cmd/version.go b/cmd/version.go
@@ -5,7 +5,7 @@ import (
 	"github.com/spf13/cobra"
 )
 
-const VERSION int = 5
+const VERSION int = 6
 const COMMIT string = "%%commit_hash%%"
 
 var versionCmd = &cobra.Command{

diff --git a/domain/ctcliDir/paths.go b/domain/ctcliDir/paths.go
@@ -65,4 +65,8 @@ func GetNewArchiveStdoutLogFilePath(rootDir, app string) string {
 
 func GetCtcliLogFilePath(rootDir string) string {
 	return path.Join(GetLogsDir(rootDir), "ctcli.log")
+}
+
+func GetRuncRoot(rootDir string) string {
+	return path.Join(rootDir, "runc-root")
 }
diff --git a/domain/lifetime/start.go b/domain/lifetime/start.go
@@ -58,6 +58,8 @@ func StartApp(rootDir, appName, appPath, runcPath string) error {
 
 	cmd := exec.Command(
 		runcPath,
+		"--root",
+		ctcliDir.GetRuncRoot(rootDir),
 		"create",
 		"--bundle",
 		appPath,
@@ -84,6 +86,8 @@ func StartApp(rootDir, appName, appPath, runcPath string) error {
 
 	cmd = exec.Command(
 		runcPath,
+		"--root",
+		ctcliDir.GetRuncRoot(rootDir),
 		"start",
 		runc.GetContainerName(rootDir, appName),
 	)

diff --git a/domain/lifetime/stop.go b/domain/lifetime/stop.go
@@ -1,6 +1,7 @@
 package lifetime
 
 import (
+	"ctcli/domain/ctcliDir"
 	"ctcli/domain/release"
 	"ctcli/domain/runc"
 	"ctcli/util"
@@ -46,6 +47,8 @@ func StopApp(rootDir, appName, runcPath string) error {
 	if status == "running" {
 		cmd := exec.Command(
 			runcPath,
+			"--root",
+			ctcliDir.GetRuncRoot(rootDir),
 			"kill",
 			runc.GetContainerName(rootDir, appName),
 			"SIGTERM",
@@ -60,6 +63,8 @@ func StopApp(rootDir, appName, runcPath string) error {
 		if status == "running" {
 			cmd := exec.Command(
 				runcPath,
+				"--root",
+				ctcliDir.GetRuncRoot(rootDir),
 				"kill",
 				runc.GetContainerName(rootDir, appName),
 				"SIGKILL",

diff --git a/domain/runc/state.go b/domain/runc/state.go
@@ -2,6 +2,7 @@ package runc
 
 import (
 	"crypto/md5"
+	"ctcli/domain/ctcliDir"
 	"ctcli/domain/release"
 	"fmt"
 	"github.com/valyala/fastjson"
@@ -17,6 +18,8 @@ func GetStatus(rootDir string, appName string) string {
 	runcPath := release.GetCurrentReleaseRuncPath(rootDir)
 	out, err := exec.Command(
 		runcPath,
+		"--root",
+		ctcliDir.GetRuncRoot(rootDir),
 		"state",
 		GetContainerName(rootDir, appName),
 	).Output()
@@ -31,6 +34,8 @@ func GetPid(rootDir string, appName string) int {
 	runcPath := release.GetCurrentReleaseRuncPath(rootDir)
 	out, err := exec.Command(
 		runcPath,
+		"--root",
+		ctcliDir.GetRuncRoot(rootDir),
 		"state",
 		GetContainerName(rootDir, appName),
 	).Output()
@@ -55,6 +60,8 @@ func DeleteContainer(rootDir string, appName string) error {
 	runcPath := release.GetCurrentReleaseRuncPath(rootDir)
 	err := exec.Command(
 		runcPath,
+		"--root",
+		ctcliDir.GetRuncRoot(rootDir),
 		"delete",
 		GetContainerName(rootDir, appName),
 	).Run()