feat/sudo-priv-mode #129

Merged
clawdie merged 3 commits from feat/sudo-priv-mode into main 2026-06-21 16:06:52 +02:00

3 commits

Author SHA1 Message Date
13f4ff7cc2 fix(spawner): avoid async closure in retry path (Sam & Pi)
Some checks failed
CI / rust (pull_request) Has been cancelled
CI / markdown (pull_request) Has been cancelled
CI / port (pull_request) Has been cancelled
CI / agent-jail-pkgs (pull_request) Has been cancelled
Move the backoff spawn operation into a named async helper so older tooling does not trip over || async syntax, and add a jail sudo wrapping unit test. Document sudo as an interim validated-host privilege mode.

Validation: ./scripts/check-format.sh; cargo fmt --check; cargo check -p colibri-daemon; cargo test -p colibri-daemon jail_tests -- --nocapture.
2026-06-21 16:00:11 +02:00
e268767f79 feat(spawner): add PrivMode::Sudo for hosts with sudo configured
Uses 'sudo -n' to wrap jail commands. Set via
COLIBRI_JAIL_PRIV_MODE=sudo. Requires sudoers entry:
  clawdie ALL=(root) NOPASSWD: /usr/sbin/jexec *

The daemon's async spawn closure (edition 2015) may need a
follow-up to fully use this mode — the env var and wrapping
logic are correct, verified via manual jexec test.
2026-06-21 15:53:43 +02:00
6e5f227fa7 docs(handoff): mark C1 validated — apply --yes + idempotent re-run
OSA 2026-06-21: clawdie apply --pool testpool --yes completes all 7 steps
(ZFS datasets, _clawdie user, chown, rc.d, sysrc). Idempotent re-run skips
user creation via exit 65. C1 is done.
2026-06-21 15:23:28 +02:00
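
Added example, not code from this pull request or from colibri-daemon: one way the `sudo -n` wrapping described in commit e268767f79 could be built and unit-tested. The sudoers entry in that commit permits any jexec arguments, so the sketch validates the jail name in the caller. `PrivMode::Direct`, `parse_priv_mode`, `jail_argv` and the jail name `agent1` are hypothetical.

```rust
// Added example; PrivMode::Direct, parse_priv_mode and jail_argv are
// hypothetical names, not the colibri-daemon API.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum PrivMode {
    Direct, // assumed default: jexec is invoked without a wrapper
    Sudo,   // from the commit: wrap with `sudo -n`
}

// Absolute path, because the sudoers rule matches on the full command path.
const JEXEC: &str = "/usr/sbin/jexec";

/// Parse the value of COLIBRI_JAIL_PRIV_MODE. Unknown values are rejected
/// rather than silently falling back, so a typo cannot change the mode.
pub fn parse_priv_mode(raw: Option<&str>) -> Result<PrivMode, String> {
    match raw.map(str::trim) {
        None | Some("") => Ok(PrivMode::Direct),
        Some("sudo") => Ok(PrivMode::Sudo),
        Some(other) => Err(format!("unsupported priv mode: {:?}", other)),
    }
}

/// Build the argv for running `cmd` inside `jail` under the given mode.
pub fn jail_argv(mode: PrivMode, jail: &str, cmd: &[&str]) -> Result<Vec<String>, String> {
    // Conservative jail-name check (an assumption of this example): a name
    // starting with '-' would otherwise be parsed by jexec as an option.
    let name_ok = !jail.is_empty()
        && !jail.starts_with('-')
        && jail.chars().all(|c| c.is_ascii_alphanumeric() || c == '_' || c == '-');
    if !name_ok {
        return Err(format!("invalid jail name: {:?}", jail));
    }
    if cmd.is_empty() {
        return Err("empty command".to_string());
    }
    let mut argv: Vec<String> = Vec::new();
    if mode == PrivMode::Sudo {
        // -n: never prompt; fail at once if the NOPASSWD rule is missing.
        argv.extend(["sudo", "-n"].iter().map(|s| s.to_string()));
    }
    argv.push(JEXEC.to_string());
    argv.push(jail.to_string());
    argv.extend(cmd.iter().map(|s| s.to_string()));
    Ok(argv)
}

fn main() {
    let mode = parse_priv_mode(std::env::var("COLIBRI_JAIL_PRIV_MODE").ok().as_deref())
        .expect("COLIBRI_JAIL_PRIV_MODE");
    println!("{:?}", jail_argv(mode, "agent1", &["/bin/sh", "-c", "id"])); // constructed input
}
```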