feat/sudo-priv-mode #129

Merged

clawdie merged 3 commits from feat/sudo-priv-mode into main

2026-06-21 16:06:52 +02:00

clawdie commented

2026-06-21 16:06:41 +02:00

Owner

No description provided.

clawdie added 3 commits 2026-06-21 16:06:44 +02:00

docs(handoff): mark C1 validated — apply --yes + idempotent re-run 6e5f227fa7

OSA 2026-06-21: clawdie apply --pool testpool --yes completes all 7 steps
(ZFS datasets, _clawdie user, chown, rc.d, sysrc). Idempotent re-run skips
user creation via exit 65. C1 is done.

feat(spawner): add PrivMode::Sudo for hosts with sudo configured e268767f79

Uses 'sudo -n' to wrap jail commands. Set via
COLIBRI_JAIL_PRIV_MODE=sudo. Requires sudoers entry:
  clawdie ALL=(root) NOPASSWD: /usr/sbin/jexec *

The daemon's async spawn closure (edition 2015) may need a
follow-up to fully use this mode — the env var and wrapping
logic are correct, verified via manual jexec test.

fix(spawner): avoid async closure in retry path (Sam & Pi)

CI / rust (pull_request) Has been cancelled

Details

CI / markdown (pull_request) Has been cancelled

Details

CI / port (pull_request) Has been cancelled

Details

CI / agent-jail-pkgs (pull_request) Has been cancelled

Details

13f4ff7cc2

Move the backoff spawn operation into a named async helper so older tooling does not trip over || async syntax, and add a jail sudo wrapping unit test. Document sudo as an interim validated-host privilege mode.\n\nValidation: ./scripts/check-format.sh; cargo fmt --check; cargo check -p colibri-daemon; cargo test -p colibri-daemon jail_tests -- --nocapture.