Use chainload trick to make sure an initialize script runs as root
parent
a3ee7a720d
commit
368496f4a5
|
@ -21,6 +21,7 @@
|
||||||
, postInstall
|
, postInstall
|
||||||
}:
|
}:
|
||||||
|
|
||||||
|
# TODO:
|
||||||
# umask unsupported
|
# umask unsupported
|
||||||
# nice unsupported
|
# nice unsupported
|
||||||
|
|
||||||
|
@ -35,15 +36,20 @@ let
|
||||||
inherit stdenv lib writeTextFile;
|
inherit stdenv lib writeTextFile;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
_user = util.determineUser {
|
||||||
|
inherit user forceDisableUserChange;
|
||||||
|
};
|
||||||
|
|
||||||
cmd = if foregroundProcess != null
|
cmd = if foregroundProcess != null
|
||||||
then
|
then
|
||||||
if initialize == null
|
if initialize == ""
|
||||||
then [ foregroundProcess ] ++ foregroundProcessArgs
|
then [ foregroundProcess ] ++ foregroundProcessArgs
|
||||||
else
|
else
|
||||||
let
|
let
|
||||||
wrapper = generateForegroundProxy ({
|
wrapper = generateForegroundProxy ({
|
||||||
wrapDaemon = false;
|
wrapDaemon = false;
|
||||||
executable = foregroundProcess;
|
executable = foregroundProcess;
|
||||||
|
user = _user;
|
||||||
inherit name initialize runtimeDir stdenv;
|
inherit name initialize runtimeDir stdenv;
|
||||||
} // lib.optionalAttrs (instanceName != null) {
|
} // lib.optionalAttrs (instanceName != null) {
|
||||||
inherit instanceName;
|
inherit instanceName;
|
||||||
|
@ -57,6 +63,7 @@ let
|
||||||
wrapper = generateForegroundProxy ({
|
wrapper = generateForegroundProxy ({
|
||||||
wrapDaemon = true;
|
wrapDaemon = true;
|
||||||
executable = daemon;
|
executable = daemon;
|
||||||
|
user = _user;
|
||||||
inherit name runtimeDir initialize stdenv;
|
inherit name runtimeDir initialize stdenv;
|
||||||
} // lib.optionalAttrs (instanceName != null) {
|
} // lib.optionalAttrs (instanceName != null) {
|
||||||
inherit instanceName;
|
inherit instanceName;
|
||||||
|
@ -77,10 +84,6 @@ let
|
||||||
|
|
||||||
credentialsSpec = createCredentials credentials;
|
credentialsSpec = createCredentials credentials;
|
||||||
|
|
||||||
_user = util.determineUser {
|
|
||||||
inherit user forceDisableUserChange;
|
|
||||||
};
|
|
||||||
|
|
||||||
generatedDockerImageArgs = {
|
generatedDockerImageArgs = {
|
||||||
inherit name;
|
inherit name;
|
||||||
tag = "latest";
|
tag = "latest";
|
||||||
|
@ -95,7 +98,7 @@ let
|
||||||
Env = map (varName: "${varName}=${toString (builtins.getAttr varName _environment)}") (builtins.attrNames _environment);
|
Env = map (varName: "${varName}=${toString (builtins.getAttr varName _environment)}") (builtins.attrNames _environment);
|
||||||
} // lib.optionalAttrs (directory != null) {
|
} // lib.optionalAttrs (directory != null) {
|
||||||
WorkingDir = directory;
|
WorkingDir = directory;
|
||||||
} // lib.optionalAttrs (_user != null) {
|
} // lib.optionalAttrs (_user != null && initialize == "") {
|
||||||
User = _user;
|
User = _user;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
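Review bot: In the last hunk, `User = _user` is now omitted whenever `initialize` is anything other than the empty string, so a caller that still passes `initialize = null` (the value the old `initialize == null` test expected) would get an image with no `User` and a container that starts as root. From there the privilege drop depends entirely on `generateForegroundProxy` honouring `user = _user`, and that function is not visible in this diff. Consider normalising the test once, e.g. `hasInitialize = initialize != null && initialize != "";`, and using it both in `cmd` and in `lib.optionalAttrs (_user != null && !hasInitialize)`. A short comment beside the `User` attribute, such as `# User is left unset when an initialize script exists: the wrapper runs it as root and then switches to _user`, would keep the root default from looking accidental.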