mirror of
https://github.com/kemko/nomad.git
synced 2026-01-08 19:35:41 +03:00
865ee8d37c
This PR fixes the artifact sandbox (new in Nomad 1.5) to allow downloading artifacts into the shared 'alloc' directory made available to each task in a common allocation. Previously we assumed the 'alloc' dir would be mounted under the 'task' dir, but this is only the case in fs isolation: chroot; in other modes the alloc dir is elsewhere.
43 lines
926 B
Go
43 lines
926 B
Go
//go:build !linux && !windows
|
|
|
|
package getter
|
|
|
|
import (
|
|
"path/filepath"
|
|
"syscall"
|
|
)
|
|
|
|
// attributes returns the system process attributes to run
|
|
// the sandbox process with
|
|
func attributes() *syscall.SysProcAttr {
|
|
uid, gid := credentials()
|
|
return &syscall.SysProcAttr{
|
|
Credential: &syscall.Credential{
|
|
Uid: uid,
|
|
Gid: gid,
|
|
},
|
|
}
|
|
}
|
|
|
|
// credentials returns the credentials of the user Nomad is running as
|
|
func credentials() (uint32, uint32) {
|
|
uid := syscall.Getuid()
|
|
gid := syscall.Getgid()
|
|
return uint32(uid), uint32(gid)
|
|
}
|
|
|
|
// defaultEnvironment is the default minimal environment variables for Unix-like
|
|
// operating systems.
|
|
func defaultEnvironment(taskDir string) map[string]string {
|
|
tmpDir := filepath.Join(taskDir, "tmp")
|
|
return map[string]string{
|
|
"PATH": "/usr/local/bin:/usr/bin:/bin",
|
|
"TMPDIR": tmpDir,
|
|
}
|
|
}
|
|
|
|
// lockdown applies only to Linux
|
|
func lockdown(string, string) error {
|
|
return nil
|
|
}
|