fix(podman): harden sandbox callbacks#2111
Conversation
|
/ok to test 74eb820 |
| const VOLUME_PREFIX: &str = "openshell-sandbox-"; | ||
|
|
||
| /// Secret name prefix for per-sandbox gateway JWTs. | ||
| const TOKEN_SECRET_PREFIX: &str = "openshell-token-"; |
There was a problem hiding this comment.
Do secret names allow "namespacing"? (i.e. would something like token.openshell/ be valid)?
| pub gateway_tls_enabled: bool, | ||
| /// Whether gateway callbacks are protected by an auth mechanism. | ||
| #[serde(skip)] | ||
| pub gateway_callback_auth_enabled: bool, |
There was a problem hiding this comment.
nit: I would assume that these gateway-specific properties are shared across other drivers. Does it make sense to embed them in a struct?
| uid: 0, | ||
| gid: 0, |
There was a problem hiding this comment.
UID=0 and GID=0 are the defaults. Also, does this need to be readable by any other users? (we only specified ro when this was handled as a mount).
|
@maxamillion, is the use of Podman secrets separate from the callback changes? If so, could we pull the secret changes into a separate PR? They independently fix the containerized gateway token-path problem, while the callback changes affect broader behavior—for example, automatically selecting a host interface and exposing the full gateway service on the additional listener. Separating them would make both changes easier to review and test. |
|
@elezar yes, but that change is also related to fixes for issue ticket I referenced so I wasn't sure if I should break it out or leave them combined. I'm happy to split them if preferred. |
I definitely have some thoughts on the callback changes, but don't want to block the secret changes on those, so splitting them out may be cleaner. |
74eb820 to
411fc1f
Compare
|
I think the callback-listener portion needs further design work before this can merge. It adds another in-process, driver-specific gateway hook mirroring Docker’s The containerized path also skips listener discovery while the documented deployment still publishes only to host loopback, so that part of #1909 remains unresolved. Could we split out the independent diagnostics and preflight fixes? I’m working on the broader callback-listener design separately, so I’m not expecting you to resolve that design question in this PR. |
411fc1f to
f6c705e
Compare
Skip host subordinate-ID checks inside gateway containers and add actionable keep-id guidance for mounted rootless Podman socket permission failures.\n\nRefs NVIDIA#1909 Signed-off-by: Adam Miller <admiller@redhat.com>
f6c705e to
87005b3
Compare
Thanks for tightening the scope and fixing the body — it matches the diff now. One blocker and a couple of follow-ups. Blocking
Should fix
Nit
|
Summary
Improve Podman diagnostics and preflight behavior when the OpenShell gateway runs inside a container. Containerized gateways now report actionable guidance for rootless Podman socket permission failures and avoid misleading subordinate-ID warnings based on the container's filesystem rather than the Podman host.
This PR no longer changes callback listener discovery or gateway network exposure; that design work is being handled separately.
Related Issue
Refs #1909
Changes
--userns=keep-idguidance when a containerized gateway cannot access a mounted rootless Podman socket due toPermission denied./etc/subuidand/etc/subgidpreflight inside gateway containers, where those files do not describe the host running the Podman service.Testing
mise run pre-commitpasses (not run locally becausemiseis unavailable in the current environment)cargo test -p openshell-driver-podman --libcargo fmt --all -- --checkcargo clippy -p openshell-driver-podman --all-targets -- -D warningsChecklist