From 0496560938128b59e3c1ccffad9e79749a61ab0f Mon Sep 17 00:00:00 2001 From: SkyperTHC Date: Wed, 19 Oct 2022 14:53:03 +0100 Subject: [PATCH] asdf --- Makefile | 4 +++- encfsd/encfsd.sh | 10 +++++++--- guest/Dockerfile | 2 +- provision/init-linux.sh | 6 ++++-- sfbin/sf | 2 +- 5 files changed, 16 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index aa58ef0..0ff991e 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -VER := 0.3.3d +VER := 0.3.4 all: make -C guest @@ -48,6 +48,8 @@ FILES_PROVISION += "segfault-$(VER)/provision/funcs_al2.sh" FILES_PROVISION += "segfault-$(VER)/provision/funcs_ubuntu.sh" FILES_PROVISION += "segfault-$(VER)/provision/init-linux.sh" FILES_PROVISION += "segfault-$(VER)/provision/system/funcs" +FILES_PROVISION += "segfault-$(VER)/provision/system/docker_limit.slice" +FILES_PROVISION += "segfault-$(VER)/provision/system/daemon.json" FILES_PROVISION += "segfault-$(VER)/provision/env.example" FILES_ENCFSD += "segfault-$(VER)/encfsd/Makefile" diff --git a/encfsd/encfsd.sh b/encfsd/encfsd.sh index fc636c8..c2b01fa 100755 --- a/encfsd/encfsd.sh +++ b/encfsd/encfsd.sh @@ -26,7 +26,7 @@ do_exit_err() xmkdir() { [[ -z $1 ]] && return 255 - [[ -d "$1" ]] && return + [[ -d "$1" ]] && return 0 mkdir "$1" } @@ -37,6 +37,7 @@ encfs_mkdir() local name local secdir local rawdir + name="$1" secdir="$2" rawdir="$3" @@ -162,13 +163,15 @@ redis_loop_forever() secdir="/encfs/sec/user-${name}" rawdir="/encfs/raw/user/user-${name}" encfs_mkdir "${name}" "${secdir}" "${rawdir}" - [[ $? -eq 1 ]] && mount_done "${name}" "${reqid}" - [[ $? -ne 0 ]] && continue + ret=$? + [[ $ret -eq 1 ]] && mount_done "${name}" "${reqid}" + [[ $ret -ne 0 ]] && continue # HERE: Not yet mounted. # Set XFS limits load_limits "${name}" [[ -n $SF_USER_FS_INODE_MAX ]] || [[ -n $SF_USER_FS_BYTES_MAX ]] && { + SF_NUM=$(<"/config/db/db-${name}/num") || continue SF_HOSTNAME=$(<"/config/db/db-${name}/hostname") || continue prjid=$((SF_NUM + 10000000)) @@ -178,6 +181,7 @@ redis_loop_forever() is_xfs_limit=1 } + # Mount if not already mounted. Continue on error (let client hang) encfs_mount "${name}" "${secret}" "${secdir}" "${rawdir}" "noatime" "/sec (INODE_MAX=${SF_USER_FS_INODE_MAX}, BYTES_MAX=${SF_USER_FS_BYTES_MAX})" || continue diff --git a/guest/Dockerfile b/guest/Dockerfile index e148bb2..25acd22 100644 --- a/guest/Dockerfile +++ b/guest/Dockerfile @@ -81,7 +81,7 @@ RUN apt-get update -y \ && DEBIAN_FRONTEND=noninteractive /pkg-install.sh HACK apt-get install -y --no-install-recommends \ assetfinder \ dnsmap \ - fuff \ + ffuf \ hydra \ gobuster \ irssi \ diff --git a/provision/init-linux.sh b/provision/init-linux.sh index e4a443d..7bdddd2 100755 --- a/provision/init-linux.sh +++ b/provision/init-linux.sh @@ -212,8 +212,10 @@ docker_config() xinstall daemon.json /etc/docker/ xinstall docker_limit.slice /etc/systemd/system/ && { ncpu=$(nproc) - [[ -n $ncpu ]] && ncpu=1 - sed "s/CPUQuota=.*/CPUQuota=${ncpu}00%/" -i /etc/systemd/system/docker_limit.slice + [[ -z $ncpu ]] && ncpu=1 + # Always reserver 5% for host + maxp=$((ncpu * 100 - 5)) + sed "s/CPUQuota=.*/CPUQuota=${maxp}%/" -i /etc/systemd/system/docker_limit.slice sed 's/^Restart=always.*$/Restart=on-failure\nSlice=docker_limit.slice/' -i /lib/systemd/system/docker.service sed 's/^OOMScoreAdjust=.*$/OOMScoreAdjust=-1000/' -i /lib/systemd/system/docker.service } diff --git a/sfbin/sf b/sfbin/sf index 39cb5ba..22babf5 100755 --- a/sfbin/sf +++ b/sfbin/sf @@ -34,7 +34,7 @@ xfs_init_quota() command -v xfs_quota &>/dev/null || { WARN "[${prj}] XFS-QUOTA not set"; return 255; } - grep "^${prj}" /etc/projid >/dev/null || echo "${prj}:${id}" >>/etc/projid + grep "^${prj}" /etc/projid &>/dev/null || echo "${prj}:${id}" >>/etc/projid # This survives a reboot but maybe our parameters have changed. Set to latest: xfs_quota -x -c "limit -p ihard=${ihard} bhard=${bhard} ${prj}" || { WARN "[${prj}] XFS-QUOTA not set"; return 255; } xfs_quota -x -c "project -s -p${dir} ${prj}" >/dev/null || { WARN "[${prj}] XFS-QUOTA not set"; return 255; }