clawdie/colibri
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 48

fix(bootstrap): pre-create daemon staging dir in agent jails #134

Merged
clawdie merged 1 commit from jail-staging-dir into main 2026-06-21 17:28:51 +02:00
Conversation 0 Commits 1 Files changed 1 +8
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
packaging/freebsd/agent-jail-bootstrap.sh
View file

@ -11,6 +11,7 @@ set -eu
JAIL_NAME="${1:-}" JAIL_NAME="${1:-}"
PKG_CACHE_DIR="${PKG_CACHE_DIR:-/var/cache/pkg}" PKG_CACHE_DIR="${PKG_CACHE_DIR:-/var/cache/pkg}"
DAEMON_USER="${DAEMON_USER:-clawdie}"
# The jail name becomes a path component, so reject anything that could escape # The jail name becomes a path component, so reject anything that could escape
# /usr/local/bastille/jails/<name>/root (empty, traversal, odd characters). # /usr/local/bastille/jails/<name>/root (empty, traversal, odd characters).
@ -97,4 +98,11 @@ if ! grep -q '/etc/profile.d/clawdie-npm.sh' "${JAIL_ROOT}/etc/profile" 2>/dev/n
>> "${JAIL_ROOT}/etc/profile" >> "${JAIL_ROOT}/etc/profile"
fi fi
# Pre-create the daemon's per-spawn staging directory. The daemon runs as
# ${DAEMON_USER} and stages launch.sh/env.sh under <stage_id> subdirs here, so
# it must own this directory. Created clawdie-owned 0700 rather than left for a
# root-owned /var/run to block (the spawn EACCES) or patched world-writable.
install -d -o "${DAEMON_USER}" -g "${DAEMON_USER}" -m 0700 \
"${JAIL_ROOT}/var/run/colibri-stage"
echo "Done — ${JAIL_NAME} ready for vault provision." echo "Done — ${JAIL_NAME} ready for vault provision."