adjust tests and allow other users

2026-04-08 03:01:29 -07:00 · 2025-12-21 00:42:35 +00:00
parent 0889741864
commit f9b724931f
11 changed files with 614 additions and 163 deletions
--- a/install/production-filesystem/entrypoint.d/10-mounts.py
+++ b/install/production-filesystem/entrypoint.d/10-mounts.py
@@ -1,5 +1,20 @@
 #!/usr/bin/env python3

+"""
+Mount Diagnostic Tool
+
+Analyzes container mount points for permission issues, persistence risks, and performance problems.
+
+TODO: Future Enhancements (Roadmap Step 3 & 4)
+1. Text-based Output: Replace emoji status indicators (✅, ❌) with plain text (e.g., [OK], [FAIL])
+   to ensure compatibility with all terminal types and logging systems.
+2. OverlayFS/Copy-up Support: Improve detection logic for filesystems like Synology's OverlayFS
+   where files may appear writable but fail on specific operations (locking, mmap).
+3. Root-to-User Context: Ensure this tool remains accurate when the container starts as root
+   to fix permissions and then drops privileges to the 'netalertx' user. The check should
+   reflect the *effective* permissions of the application user.
+"""
+
 import os
 import sys
 from dataclasses import dataclass
@@ -80,7 +95,21 @@ def _resolve_writeable_state(target_path: str) -> bool:
        seen.add(current)

        if os.path.exists(current):
-            return os.access(current, os.W_OK)
+            if not os.access(current, os.W_OK):
+                return False
+            
+            # OverlayFS/Copy-up check: Try to actually write a file to verify
+            if os.path.isdir(current):
+                test_file = os.path.join(current, f".netalertx_write_test_{os.getpid()}")
+                try:
+                    with open(test_file, "w") as f:
+                        f.write("test")
+                    os.remove(test_file)
+                    return True
+                except OSError:
+                    return False
+            
+            return True

        parent_dir = os.path.dirname(current)
        if not parent_dir or parent_dir == current:
--- a/install/production-filesystem/entrypoint.d/15-first-run-config.sh
+++ b/install/production-filesystem/entrypoint.d/15-first-run-config.sh
@@ -7,7 +7,7 @@ if [ ! -f "${NETALERTX_CONFIG}/app.conf" ]; then
        >&2 echo "ERROR: Failed to create config directory ${NETALERTX_CONFIG}"
        exit 1
    }
-    install -m 600 -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} /app/back/app.conf "${NETALERTX_CONFIG}/app.conf" || {
+    install -m 600 /app/back/app.conf "${NETALERTX_CONFIG}/app.conf" || {
        >&2 echo "ERROR: Failed to deploy default config to ${NETALERTX_CONFIG}/app.conf"
        exit 2
    }
--- a/install/production-filesystem/entrypoint.d/30-apply-conf-override.sh
+++ b/install/production-filesystem/entrypoint.d/30-apply-conf-override.sh
@@ -13,9 +13,7 @@ mkdir -p "$(dirname "$NETALERTX_CONFIG")" || {
 rm -f "$OVERRIDE_FILE"

 # Check if APP_CONF_OVERRIDE is set
-if [ -z "$APP_CONF_OVERRIDE" ]; then
-    >&2 echo "APP_CONF_OVERRIDE is not set. Skipping override config file creation."
-else
+if [ -n "$APP_CONF_OVERRIDE" ]; then
    # Save the APP_CONF_OVERRIDE env variable as a JSON file
    echo "$APP_CONF_OVERRIDE" > "$OVERRIDE_FILE" || {
        >&2 echo "ERROR: Failed to write override config to $OVERRIDE_FILE"