banger

thaloco/banger

Fork 0

Commit graph

Author	SHA1	Message	Date
Thales Maciel	59e48e830b	daemon: split owner daemon from root helper Move the supported systemd path to two services: an owner-user bangerd for orchestration and a narrow root helper for bridge/tap, NAT/resolver, dm/loop, and Firecracker ownership. This removes repeated sudo from daily vm and image flows without leaving the general daemon running as root. Add install metadata, system install/status/restart/uninstall commands, and a system-owned runtime layout. Keep user SSH/config material in the owner home, lock file_sync to the owner home, and move daemon known_hosts handling out of the old root-owned control path. Route privileged lifecycle steps through typed privilegedOps calls, harden the two systemd units, and rewrite smoke plus docs around the supported service model. Verified with make build, make test, make lint, and make smoke on the supported systemd host path.	2026-04-26 12:43:17 -03:00
Thales Maciel	2f3db9b104	fcproc: targeted tests for waitForPath + EnsureSocketAccess error paths Every non-happy branch in fcproc was zero-covered before this. Given that EnsureSocketAccess gates the firecracker control plane on the daemon's ability to chown the API + vsock sockets off root, those failure paths are exactly the ones we need pinned. New file internal/daemon/fcproc/fcproc_test.go adds a local scripted Runner (fcproc is a leaf package — can't pull the daemon's scriptedRunner in) and six tests: waitForPath: - TestWaitForPathReturnsDeadlineExceededWhenSocketNeverAppears — timeout branch wraps context.DeadlineExceeded with the label, and waits at least one poll tick before giving up - TestWaitForPathReturnsOnceSocketAppears — happy path with a mid-wait file creation via goroutine - TestWaitForPathRespectsContextCancellation — ctx.Done() beats the poll interval so a cancelled request doesn't stall EnsureSocketAccess: - TestEnsureSocketAccessChownFailureBubbles — chown error surfaces untouched; chmod not attempted when chown fails - TestEnsureSocketAccessChmodFailureBubbles — chmod error surfaces after chown succeeds - TestEnsureSocketAccessTimesOutBeforeTouchingRunner — ordering contract: no sudo calls when the socket never materialises Package function coverage moved 55.2% → 62.1%. Integration-level chown-race test was considered (run a real shell that exercises buildProcessRunner's script with a fake firecracker binary) but skipped — requires `sudo -n` in the test env and makes CI fragile. The socket-ownership regression this slice is meant to guard against is covered at the unit level here; the manual-smoke in the plan's verification section remains the end-to-end check. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-22 17:49:42 -03:00

Author

SHA1

Message

Date

Thales Maciel

59e48e830b

daemon: split owner daemon from root helper

Move the supported systemd path to two services: an owner-user bangerd for
orchestration and a narrow root helper for bridge/tap, NAT/resolver, dm/loop,
and Firecracker ownership. This removes repeated sudo from daily vm and image
flows without leaving the general daemon running as root.

Add install metadata, system install/status/restart/uninstall commands, and a
system-owned runtime layout. Keep user SSH/config material in the owner home,
lock file_sync to the owner home, and move daemon known_hosts handling out of
the old root-owned control path.

Route privileged lifecycle steps through typed privilegedOps calls, harden the
two systemd units, and rewrite smoke plus docs around the supported service
model.

Verified with make build, make test, make lint, and make smoke on the
supported systemd host path.

2026-04-26 12:43:17 -03:00

Thales Maciel

2f3db9b104

fcproc: targeted tests for waitForPath + EnsureSocketAccess error paths

Every non-happy branch in fcproc was zero-covered before this. Given
that EnsureSocketAccess gates the firecracker control plane on the
daemon's ability to chown the API + vsock sockets off root, those
failure paths are exactly the ones we need pinned.

New file internal/daemon/fcproc/fcproc_test.go adds a local scripted
Runner (fcproc is a leaf package — can't pull the daemon's
scriptedRunner in) and six tests:

waitForPath:
  - TestWaitForPathReturnsDeadlineExceededWhenSocketNeverAppears —
    timeout branch wraps context.DeadlineExceeded with the label,
    and waits at least one poll tick before giving up
  - TestWaitForPathReturnsOnceSocketAppears — happy path with a
    mid-wait file creation via goroutine
  - TestWaitForPathRespectsContextCancellation — ctx.Done() beats
    the poll interval so a cancelled request doesn't stall

EnsureSocketAccess:
  - TestEnsureSocketAccessChownFailureBubbles — chown error surfaces
    untouched; chmod not attempted when chown fails
  - TestEnsureSocketAccessChmodFailureBubbles — chmod error surfaces
    after chown succeeds
  - TestEnsureSocketAccessTimesOutBeforeTouchingRunner — ordering
    contract: no sudo calls when the socket never materialises

Package function coverage moved 55.2% → 62.1%.

Integration-level chown-race test was considered (run a real shell
that exercises buildProcessRunner's script with a fake firecracker
binary) but skipped — requires `sudo -n` in the test env and makes
CI fragile. The socket-ownership regression this slice is meant to
guard against is covered at the unit level here; the
manual-smoke in the plan's verification section remains the
end-to-end check.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-22 17:49:42 -03:00

2 commits