Port envd from e2b with internalized shared packages and Connect RPC
- Copy envd source from e2b-dev/infra, internalize shared dependencies
into envd/internal/shared/ (keys, filesystem, id, smap, utils)
- Switch from gRPC to Connect RPC for all envd services
- Update module paths to git.omukk.dev/wrenn/{sandbox,sandbox/envd}
- Add proto specs (process, filesystem) with buf-based code generation
- Implement full envd: process exec, filesystem ops, port forwarding,
cgroup management, MMDS integration, and HTTP API
- Update main module dependencies (firecracker SDK, pgx, goose, etc.)
- Remove placeholder .gitkeep files replaced by real implementations
This commit is contained in:
96
envd/internal/permissions/path.go
Normal file
96
envd/internal/permissions/path.go
Normal file
@ -0,0 +1,96 @@
|
||||
package permissions
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
"os/user"
|
||||
"path/filepath"
|
||||
"slices"
|
||||
|
||||
"git.omukk.dev/wrenn/sandbox/envd/internal/execcontext"
|
||||
)
|
||||
|
||||
func expand(path, homedir string) (string, error) {
|
||||
if len(path) == 0 {
|
||||
return path, nil
|
||||
}
|
||||
|
||||
if path[0] != '~' {
|
||||
return path, nil
|
||||
}
|
||||
|
||||
if len(path) > 1 && path[1] != '/' && path[1] != '\\' {
|
||||
return "", errors.New("cannot expand user-specific home dir")
|
||||
}
|
||||
|
||||
return filepath.Join(homedir, path[1:]), nil
|
||||
}
|
||||
|
||||
func ExpandAndResolve(path string, user *user.User, defaultPath *string) (string, error) {
|
||||
path = execcontext.ResolveDefaultWorkdir(path, defaultPath)
|
||||
|
||||
path, err := expand(path, user.HomeDir)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to expand path '%s' for user '%s': %w", path, user.Username, err)
|
||||
}
|
||||
|
||||
if filepath.IsAbs(path) {
|
||||
return path, nil
|
||||
}
|
||||
|
||||
// The filepath.Abs can correctly resolve paths like /home/user/../file
|
||||
path = filepath.Join(user.HomeDir, path)
|
||||
|
||||
abs, err := filepath.Abs(path)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to resolve path '%s' for user '%s' with home dir '%s': %w", path, user.Username, user.HomeDir, err)
|
||||
}
|
||||
|
||||
return abs, nil
|
||||
}
|
||||
|
||||
func getSubpaths(path string) (subpaths []string) {
|
||||
for {
|
||||
subpaths = append(subpaths, path)
|
||||
|
||||
path = filepath.Dir(path)
|
||||
if path == "/" {
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
slices.Reverse(subpaths)
|
||||
|
||||
return subpaths
|
||||
}
|
||||
|
||||
func EnsureDirs(path string, uid, gid int) error {
|
||||
subpaths := getSubpaths(path)
|
||||
for _, subpath := range subpaths {
|
||||
info, err := os.Stat(subpath)
|
||||
if err != nil && !os.IsNotExist(err) {
|
||||
return fmt.Errorf("failed to stat directory: %w", err)
|
||||
}
|
||||
|
||||
if err != nil && os.IsNotExist(err) {
|
||||
err = os.Mkdir(subpath, 0o755)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to create directory: %w", err)
|
||||
}
|
||||
|
||||
err = os.Chown(subpath, uid, gid)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to chown directory: %w", err)
|
||||
}
|
||||
|
||||
continue
|
||||
}
|
||||
|
||||
if !info.IsDir() {
|
||||
return fmt.Errorf("path is a file: %s", subpath)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user