particle-os/particle-os-cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(podman_driver): Invoke sudo when needed for privileged

Browse source 
My motivation is that it's really a bad practice to just run `sudo bluebuild generate -o Containerfile`, as the file gets created as root and it's kind-of unsafe to the system too.

I'd rather have the tool invoke sudo by itselves for the things it needs it for, rather than wrapping the entire program in sudo.

This is especially the case for local (non-ci) builds.
This commit is contained in:
Tom van Dijk 2025-03-13 16:03:17 +01:00 committed by Gerald Pinder
parent 100278fb9c
commit 9963758a91
1 changed files with 1 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

9
process/drivers/podman_driver.rs
View file

@ -403,10 +403,6 @@ impl RunDriver for PodmanDriver {
fn run(opts: &RunOpts) -> Result<ExitStatus> {
trace!("PodmanDriver::run({opts:#?})");
if !nix::unistd::Uid::effective().is_root() {
bail!("You must be root to run privileged podman!");
}
let cid_path = TempDir::new().into_diagnostic()?;
let cid_file = cid_path.path().join("cid");
@ -426,10 +422,6 @@ impl RunDriver for PodmanDriver {
fn run_output(opts: &RunOpts) -> Result<std::process::Output> {
trace!("PodmanDriver::run_output({opts:#?})");
if !nix::unistd::Uid::effective().is_root() {
bail!("You must be root to run privileged podman!");
}
let cid_path = TempDir::new().into_diagnostic()?;
let cid_file = cid_path.path().join("cid");
@ -529,6 +521,7 @@ impl RunDriver for PodmanDriver {
fn podman_run(opts: &RunOpts, cid_file: &Path) -> Command {
let command = cmd!(
if opts.priviledged && !nix::unistd::Uid::effective().is_root() => "sudo",
"podman",
"run",
format!("--cidfile={}", cid_file.display()),