dev/features: improve enter_service

Read uid/gid directly from the service pid.

This makes this fn work with arbitrary services, and with `bitcoind`,
where, for historical reasons, the service user name (`bitcoin`) doesn't
equal the service name.
This commit is contained in:
Erik Arvstedt 2023-02-04 13:21:40 +01:00
parent 479e21a122
commit 2c3fa63baa
No known key found for this signature in database
GPG Key ID: 33312B944DD97846

View File

@ -56,9 +56,10 @@ ls -al /var/lib/containers/nb-test
# Start a shell in the context of a service process. # Start a shell in the context of a service process.
# Must be run inside the container (enter with cmd `c`). # Must be run inside the container (enter with cmd `c`).
enter_service() { enter_service() {
local name=$1 name=$1
nsenter --all -t "$(systemctl show -p MainPID --value "$name")" \ pid=$(systemctl show -p MainPID --value "$name")
--setuid "$(id -u "$name")" --setgid "$(id -g "$name")" bash IFS=- read -r uid gid < <(stat -c "%u-%g" "/proc/$pid")
nsenter --all -t "$pid" --setuid "$uid" --setgid "$gid" bash
} }
enter_service clightning enter_service clightning