authorSergey Poznyakoff <gray@gnu.org>2019-12-01 08:09:33 +0700
committerWilly Sudiarto Raharjo <willysr@slackbuilds.org>2019-12-01 08:09:33 +0700
commit7f8489d5ef1a04f0eff9e58f6d6fd6fb28b59908 (patch)
tree4eb0c85179753ed5b76902d21a5148a65183885a
parent7f184736aaab928e8cdf8b1e1f17fe169b82df6d (diff)
system/sargon: Added (User privilege system for docker).
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
-rw-r--r--system/sargon/README8
-rw-r--r--system/sargon/doinst.sh14
-rw-r--r--system/sargon/rc.sargon50
-rw-r--r--system/sargon/sargon.SlackBuild93
-rw-r--r--system/sargon/sargon.default10
-rw-r--r--system/sargon/sargon.info10
-rw-r--r--system/sargon/sargon.json2
-rw-r--r--system/sargon/slack-desc19
8 files changed, 206 insertions, 0 deletions
diff --git a/system/sargon/README b/system/sargon/README
new file mode 100644
index 0000000000000..1b3fbb636bd84
--- /dev/null
+++ b/system/sargon/README
@@ -0,0 +1,8 @@
+User privilege system for docker that controls container and volume
+creation. It enables the administrator to exercise control over the
+containers that users are allowed to create and decide whether to permit
+creation of privileged containers, what parts of the host file system
+can be visible to containers via bind or volume mechanism, what memory
+limits to apply, etc.
+
+User privileges are kept in LDAP.
diff --git a/system/sargon/doinst.sh b/system/sargon/doinst.sh
new file mode 100644
index 0000000000000..8c4165ff18f67
--- /dev/null
+++ b/system/sargon/doinst.sh
@@ -0,0 +1,14 @@
+#! /bin/sh
+config() {
+ NEW="$1"
+ OLD="`dirname $NEW`/`basename $NEW .new`"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+config etc/rc.d/rc.sargon.new
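Review bot: config() is invoked only for etc/rc.d/rc.sargon.new, while the sargon.SlackBuild hunk copies sargon.json into $PKG/etc/docker and sargon.default to $PKG/etc/default/sargon without a .new suffix, so every reinstall or upgrade overwrites whatever the administrator changed in /etc/docker/sargon.json and /etc/default/sargon, the latter being the file that turns -trace/-debug on. Have the SlackBuild copy those two files with a .new suffix and add `config etc/docker/sargon.json.new` and `config etc/default/sargon.new` after the existing call here, so the md5sum comparison in config() decides whether the admin's copy is kept. The config() body itself is the standard SBo template and can stay as it is.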
diff --git a/system/sargon/rc.sargon b/system/sargon/rc.sargon
new file mode 100644
index 0000000000000..a73ccef363805
--- /dev/null
+++ b/system/sargon/rc.sargon
@@ -0,0 +1,50 @@
+#! /bin/sh
+
+CMD=sargon
+OPTIONS=
+
+test -r /etc/default/sargon && . /etc/default/sargon
+
+if [ "$SARGON_TRACE" = "yes" ]; then
+ OPTIONS="$OPTIONS${OPTIONS:+ }-trace"
+fi
+
+if [ "$SARGON_DEBUG" = "yes" ]; then
+ OPTIONS="$OPTIONS${OPTIONS:+ }-debug"
+fi
+
+sargon_start() {
+ if [ -n "$(/sbin/pidof $CMD)" ]; then
+ echo >&2 "$0: $CMD is already running"
+ else
+ /usr/bin/$CMD $OPTIONS | /usr/bin/logger -t $CMD -p daemon.info &
+ fi
+}
+
+sargon_stop() {
+ /usr/bin/pkill $CMD
+}
+
+sargon_status() {
+ pid=$(/sbin/pidof $CMD)
+ if [ -n "$pid" ]; then
+ echo "$CMD is running (pid $pid)"
+ else
+ echo "$CMD is not running"
+ fi
+}
+
+case $1 in
+ start)
+ sargon_start
+ ;;
+ stop)
+ sargon_stop
+ ;;
+ restart)
+ sargon_stop
+ sargon_start
+ ;;
+ status)
+ sargon_status
+esac
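Review bot: sargon_stop terminates by process name with `/usr/bin/pkill $CMD`, and pkill treats its argument as a regex matched against every process name, so any unrelated process whose name contains `sargon` is killed as well, while the daemon's own pid is ignored. Since this commit's sargon.json sets `"pidfile":"/var/run/sargon.pid"`, the daemon presumably writes it, and the stop path should signal only that pid, e.g. `[ -r /var/run/sargon.pid ] && kill "$(cat /var/run/sargon.pid)"`, falling back to pidof only when the file is absent; the same by-name matching applies to the pidof checks in sargon_start and sargon_status. The restart arm calls sargon_start immediately after pkill, before the old process has exited, so the pidof check in sargon_start can still see the old pid and refuse to start. The case statement also has no default arm, so a typo or a missing argument silently does nothing; add `*) echo "usage: $0 {start|stop|restart|status}" >&2 ;;` before esac.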
diff --git a/system/sargon/sargon.SlackBuild b/system/sargon/sargon.SlackBuild
new file mode 100644
index 0000000000000..f5a648a05ecfd
--- /dev/null
+++ b/system/sargon/sargon.SlackBuild
@@ -0,0 +1,93 @@
+#!/bin/sh
+
+# Slackware build script for sargon
+
+# Copyright 2019 Sergey Poznyakoff <gray@gnu.org>
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=sargon
+VERSION=${VERSION:-1.0}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i586 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+ -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+
+# Make sure go binary is in PATH
+if [ -x /etc/profile.d/go.sh ]; then
+ . /etc/profile.d/go.sh
+fi
+
+# Build the project
+go mod init sargon
+go build
+
+# Create installation filesystem
+mkdir -p $PKG/usr/bin $PKG/etc/rc.d $PKG/etc/default $PKG/etc/docker $PKG/install
+
+# Install the binary
+cp sargon $PKG/usr/bin
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | \
+ grep ELF | \
+ cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+# Install startup script and configuration file.
+cp $CWD/rc.sargon $PKG/etc/rc.d/rc.sargon.new
+chmod 644 $PKG/etc/rc.d/rc.sargon.new
+cp $CWD/sargon.json $PKG/etc/docker
+cp $CWD/sargon.default $PKG/etc/default/sargon
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a \
+ README.md sargon.schema \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cp $CWD/doinst.sh $PKG/install/doinst.sh
+cp $CWD/slack-desc $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
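Review bot: `go mod init sargon` followed by `go build` resolves and downloads every Go dependency from the network at build time, at whatever version is current then (go mod init fails if a go.mod already exists and set -e is in effect, so the tarball evidently ships none), which makes the build neither offline nor reproducible, and the MD5SUM in sargon.info covers only the upstream tarball, not the code that ends up in the installed binary. At minimum the README should state this, e.g. `Building requires network access: Go module dependencies are fetched during the build and are not covered by the MD5SUM in sargon.info.`; committing a pinned go.mod/go.sum or a vendored module tree alongside the SlackBuild would let the package be built reproducibly and audited. The build also runs go with root's default GOPATH and module cache, which is worth a comment above the `# Build the project` block so maintainers know where downloaded modules land.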
diff --git a/system/sargon/sargon.default b/system/sargon/sargon.default
new file mode 100644
index 0000000000000..27d5403bc32e2
--- /dev/null
+++ b/system/sargon/sargon.default
@@ -0,0 +1,10 @@
+# Startup defaults for sargon docker plugin.
+#
+# This file is a valid shell script defining variables that control
+# the startup of the sargon daemon by /etc/rc.d/rc.sargon.
+
+# Change to "yes" in order to enable tracing of the decisions taken by sargon.
+SARGON_TRACE=no
+
+# Change to "yes" to enable verbose debugging.
+SARGON_DEBUG=no
diff --git a/system/sargon/sargon.info b/system/sargon/sargon.info
new file mode 100644
index 0000000000000..9532b7a0a61c6
--- /dev/null
+++ b/system/sargon/sargon.info
@@ -0,0 +1,10 @@
+PRGNAM="sargon"
+VERSION="1.0"
+HOMEPAGE="https://github.com/graygnuorg/sargon"
+DOWNLOAD="https://github.com/graygnuorg/sargon/archive/v1.0/sargon-1.0.tar.gz"
+MD5SUM="158b725c02b4bdf377d2b08790f2a770"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES="google-go-lang"
+MAINTAINER="Sergey Poznyakoff"
+EMAIL="gray@gnu.org"
diff --git a/system/sargon/sargon.json b/system/sargon/sargon.json
new file mode 100644
index 0000000000000..e73b0d7b99f9b
--- /dev/null
+++ b/system/sargon/sargon.json
@@ -0,0 +1,2 @@
+{ "pidfile":"/var/run/sargon.pid" }
+
diff --git a/system/sargon/slack-desc b/system/sargon/slack-desc
new file mode 100644
index 0000000000000..aa5f19f39ebec
--- /dev/null
+++ b/system/sargon/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+sargon: sargon (User privilege system for docker)
+sargon:
+sargon: Docker authorization plugin that controls container and volume
+sargon: creation. It enables the administrator to exercise control over the
+sargon: containers that users are allowed to create and decide whether to
+sargon: permit creation of privileged containers, what parts of the host file
+sargon: system can be visible to containers via bind or volume mechanism,
+sargon: what memory limits to apply, etc.
+sargon:
+sargon: Homepage: https://github.com/graygnuorg/sargon
+sargon: