1.0.3 — stack DNS dirs per-user#192
Merged
lib/stack.cpp's per-stack unbound config + pidfile directory now resolves to /var/run/crate/<uid>/dns-<network>/ when the privops socket is detected. Same lazy-resolve pattern as network_lease.cpp (0.9.27). Before this fix, two operators bringing up stacks with the same network name clobbered each other's unbound.conf, pidfile, and SIGTERM target. After: each operator's DNS state lives in their own per-uid subtree. Wire/format/signatures unchanged. Suite stays at 1303.
Summary
`lib/stack.cpp` per-stack unbound config + pidfile directory now resolves to `/var/run/crate/<uid>/dns-<network>/` when the privops socket is detected. Same lazy-resolve pattern as `network_lease.cpp` (0.9.27), `network_lease6.cpp` (1.0.1), `spec_registry.cpp` (1.0.2).

Four call sites updated:

- `generateUnboundConf()` — pidfile path in the rendered unbound config (named + default cases)
- `startStackDns()` — `mkdir` + path passed to `unbound -c <conf>`
- `stopStackDns()` — `remove_all` cleanup path

Behaviour
| Mode | DNS state directory |
|---|---|
| Without `crated` (no privops socket) | `/var/run/crate/dns-<network>/` |
| With `crated` (privops socket detected) | `/var/run/crate/<uid>/dns-<network>/` |

Why
Before this release, two operators bringing up stacks with the same network name (e.g. both have a `db` network) clobbered each other's unbound.conf, fought over the same pidfile, and could deliver SIGTERM to the wrong process at teardown.

Audit reclassification
The original pre-1.0.0 audit flagged `lib/pfctl_ops.cpp:28` as "PfLock not per-user". On closer look that's incorrect — `pf(4)` is host-wide and the lock must serialize across operators, not isolate them. The real bug is that `lib/run.cpp` calls `PfctlOps::addRules` etc. directly, which will fail when `crate(1)` runs as non-root in 1.0.0+. That fix needs the existing `AddPfRule` privops verb (plus possibly `FlushPfAnchor`/`LoadPfPolicy` new verbs) wired through 3 call sites — bigger than a path-leak patch. Tracked for 1.1.0.

Wire / API compatibility
None. The change is internal to `stack.cpp`; the `dnsBaseDir()` helper is `static` (file-local). Suite stays at 1303.

Test plan
- With `crated` running, two operators bring up stacks named `db`; check `/var/run/crate/<alice-uid>/dns-db/` and `/var/run/crate/<bob-uid>/dns-db/` both exist with separate unbound processes
- Without `crated` — `/var/run/crate/dns-db/` still used

Generated by Claude Code
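As an added example, not code from the crate project or from this PR: a C++ sketch of the lazy-resolve mapping the description above lays out (flat `/var/run/crate/dns-<network>/` without the privops socket, `/var/run/crate/<uid>/dns-<network>/` with it). The names `dnsBaseDir()` and `generateUnboundConf()` come from the PR text, but every body here, the privops socket path `/var/run/crate/privops.sock`, the network-name validation and the directory ownership check are assumptions of this example. It shows the two checks a reviewer would want next to a uid-keyed path: the operator-controlled `<network>` component is validated before it is spliced into a filesystem path and into unbound.conf, and the per-uid directory is verified to be a real directory owned by the caller before it is used.

```cpp
#include <cctype>
#include <cerrno>
#include <cstdio>
#include <optional>
#include <string>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

// Assumed location of the socket crated listens on (not stated in the PR).
static const char* kPrivopsSocket = "/var/run/crate/privops.sock";

// The <network> component is operator-controlled, so reject anything that
// could escape the base directory ('/', '..') or smuggle a newline into the
// rendered unbound.conf. A leading '-' is refused because the name is later
// handed to a command line.
bool isSafeNetworkName(const std::string& name) {
    if (name.empty() || name.size() > 64) return false;
    if (name[0] == '-') return false;
    for (unsigned char c : name) {
        if (!std::isalnum(c) && c != '-' && c != '_') return false;
    }
    return true;
}

// Lazy-resolve of the per-stack DNS state directory: per-uid subtree when
// the privops socket is detected, the pre-1.0.3 flat path otherwise.
// privopsPresent is an explicit argument so the mapping can be exercised
// without touching /var/run.
std::optional<std::string> dnsBaseDir(const std::string& network, uid_t uid,
                                      bool privopsPresent) {
    if (!isSafeNetworkName(network)) return std::nullopt;
    std::string dir = "/var/run/crate/";
    if (privopsPresent) dir += std::to_string(uid) + "/";
    return dir + "dns-" + network + "/";
}

// Detect crated by checking for its socket. The result only selects a path
// layout, so following symlinks with stat() is acceptable here.
bool privopsSocketPresent() {
    struct stat st{};
    return ::stat(kPrivopsSocket, &st) == 0 && S_ISSOCK(st.st_mode);
}

// Create one directory level (0700) and refuse to use it unless it is a real
// directory owned by uid. lstat() rather than stat() so a symlink planted by
// another operator at this path is rejected instead of followed.
bool ensureOwnedDir(const std::string& path, uid_t uid) {
    if (::mkdir(path.c_str(), 0700) != 0 && errno != EEXIST) return false;
    struct stat st{};
    if (::lstat(path.c_str(), &st) != 0) return false;
    return S_ISDIR(st.st_mode) && st.st_uid == uid;
}

// Render the unbound server block with the pidfile rooted in the resolved
// directory; this is the part generateUnboundConf() has to key per uid.
std::string renderUnboundConf(const std::string& dir, const std::string& listenAddr) {
    return "server:\n"
           "  interface: " + listenAddr + "\n"
           "  pidfile: \"" + dir + "unbound.pid\"\n";
}

int main(int argc, char** argv) {
    const std::string network = argc > 1 ? argv[1] : "db";
    const uid_t uid = ::getuid();
    const bool privops = privopsSocketPresent();
    auto dir = dnsBaseDir(network, uid, privops);
    if (!dir) {
        std::fprintf(stderr, "refusing unsafe network name\n");
        return 1;
    }
    std::printf("# dns dir: %s\n%s", dir->c_str(),
                renderUnboundConf(*dir, "127.0.0.1").c_str());
    // Directory creation needs a writable /var/run/crate; report rather than
    // abort so the example still runs unprivileged.
    bool ok = true;
    if (privops) ok = ensureOwnedDir("/var/run/crate/" + std::to_string(uid) + "/", uid);
    if (ok) ok = ensureOwnedDir(*dir, uid);
    if (!ok) std::fprintf(stderr, "note: could not create %s as uid %u\n",
                          dir->c_str(), static_cast<unsigned>(uid));
    return 0;
}
```

Run with the network name as the only argument (`./dnsdir db`). Two operators with different uids now get disjoint directories and pidfiles for the same `db` name, which is the SIGTERM-to-the-wrong-process case the PR fixes; the validation and ownership checks are this example's additions and are not claims about what `lib/stack.cpp` does or does not do.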