asdf

2024-06-27 09:18:41 +00:00 · 2022-10-19 14:53:03 +01:00 · 2022-10-19 14:53:03 +01:00 · 0496560938
commit 0496560938
parent e4a62fc9dd
5 changed files with 16 additions and 8 deletions
--- a/4
+++ b/4
@ -1,4 +1,4 @@
-VER := 0.3.3d
+VER := 0.3.4

 all:
 	make -C guest
@ -48,6 +48,8 @@ FILES_PROVISION += "segfault-$(VER)/provision/funcs_al2.sh"
 FILES_PROVISION += "segfault-$(VER)/provision/funcs_ubuntu.sh"
 FILES_PROVISION += "segfault-$(VER)/provision/init-linux.sh"
 FILES_PROVISION += "segfault-$(VER)/provision/system/funcs"
+FILES_PROVISION += "segfault-$(VER)/provision/system/docker_limit.slice"
+FILES_PROVISION += "segfault-$(VER)/provision/system/daemon.json"
 FILES_PROVISION += "segfault-$(VER)/provision/env.example"

 FILES_ENCFSD += "segfault-$(VER)/encfsd/Makefile"
--- a/encfsd/encfsd.sh
+++ b/encfsd/encfsd.sh
@ -26,7 +26,7 @@ do_exit_err()
 xmkdir()
 {
 	[[ -z $1 ]] && return 255
-	[[ -d "$1" ]] && return
+	[[ -d "$1" ]] && return 0
 	mkdir "$1"
 }

@ -37,6 +37,7 @@ encfs_mkdir()
 	local name
 	local secdir
 	local rawdir
+
 	name="$1"
 	secdir="$2"
 	rawdir="$3"
@ -162,13 +163,15 @@ redis_loop_forever()
 		secdir="/encfs/sec/user-${name}"
 		rawdir="/encfs/raw/user/user-${name}"
 		encfs_mkdir "${name}" "${secdir}" "${rawdir}"
-		[[ $? -eq 1 ]] && mount_done "${name}" "${reqid}"
-		[[ $? -ne 0 ]] && continue
+		ret=$?
+		[[ $ret -eq 1 ]] && mount_done "${name}" "${reqid}"
+		[[ $ret -ne 0 ]] && continue

 		# HERE: Not yet mounted.
 		# Set XFS limits
 		load_limits "${name}"
 		[[ -n $SF_USER_FS_INODE_MAX ]] || [[ -n $SF_USER_FS_BYTES_MAX ]] && {
+
 			SF_NUM=$(<"/config/db/db-${name}/num") || continue
 			SF_HOSTNAME=$(<"/config/db/db-${name}/hostname") || continue
 			prjid=$((SF_NUM + 10000000))
@ -178,6 +181,7 @@ redis_loop_forever()
 			is_xfs_limit=1
 		}

+
 		# Mount if not already mounted. Continue on error (let client hang)
 		encfs_mount "${name}" "${secret}" "${secdir}" "${rawdir}" "noatime" "/sec (INODE_MAX=${SF_USER_FS_INODE_MAX}, BYTES_MAX=${SF_USER_FS_BYTES_MAX})" || continue

--- a/guest/Dockerfile
+++ b/guest/Dockerfile
@ -81,7 +81,7 @@ RUN	apt-get update -y \
 	&& DEBIAN_FRONTEND=noninteractive /pkg-install.sh HACK apt-get install -y --no-install-recommends \
 		assetfinder \
 		dnsmap \
-		fuff \
+		ffuf \
 		hydra \
 		gobuster \
 		irssi \
--- a/provision/init-linux.sh
+++ b/provision/init-linux.sh
@ -212,8 +212,10 @@ docker_config()
  xinstall daemon.json /etc/docker/
  xinstall docker_limit.slice /etc/systemd/system/ && {
    ncpu=$(nproc)
-    [[ -n $ncpu ]] && ncpu=1
-    sed  "s/CPUQuota=.*/CPUQuota=${ncpu}00%/" -i /etc/systemd/system/docker_limit.slice
+    [[ -z $ncpu ]] && ncpu=1
+    # Always reserver 5% for host
+    maxp=$((ncpu * 100 - 5))
+    sed  "s/CPUQuota=.*/CPUQuota=${maxp}%/" -i /etc/systemd/system/docker_limit.slice
    sed 's/^Restart=always.*$/Restart=on-failure\nSlice=docker_limit.slice/' -i /lib/systemd/system/docker.service
    sed 's/^OOMScoreAdjust=.*$/OOMScoreAdjust=-1000/' -i /lib/systemd/system/docker.service
  }
--- a/sfbin/sf
+++ b/sfbin/sf
@ -34,7 +34,7 @@ xfs_init_quota()

 	command -v xfs_quota &>/dev/null || { WARN "[${prj}] XFS-QUOTA not set"; return 255; }

-	grep "^${prj}" /etc/projid >/dev/null || echo "${prj}:${id}" >>/etc/projid
+	grep "^${prj}" /etc/projid &>/dev/null || echo "${prj}:${id}" >>/etc/projid
 	# This survives a reboot but maybe our parameters have changed. Set to latest:
 	xfs_quota -x -c "limit -p ihard=${ihard} bhard=${bhard} ${prj}" || { WARN "[${prj}] XFS-QUOTA not set"; return 255; }
 	xfs_quota -x -c "project -s -p${dir} ${prj}" >/dev/null || { WARN "[${prj}] XFS-QUOTA not set"; return 255; }