Add capabilities at build

2026-03-09 18:46:36 +01:00
parent 47c3c979e5
commit da001da48f
14 changed files with 881 additions and 105 deletions
--- a/30
+++ b/30
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+helper_pid=""
+
+cleanup() {
+  if [[ -n $helper_pid ]]; then
+    kill "$helper_pid" >/dev/null 2>&1 || true
+    wait "$helper_pid" >/dev/null 2>&1 || true
+  fi
+}
+
+trap cleanup EXIT INT TERM HUP
+
+if [[ $# -eq 0 ]]; then
+  set -- codex
+fi
+
+if [[ $(id -u) -eq 0 ]]; then
+  helper_dir=${SLOPTRAP_HELPER_DIR:-/run/sloptrap-helper}
+  mkdir -p "$helper_dir/queue"
+  chmod 700 "$helper_dir"
+  if [[ -n ${SLOPTRAP_ACTIVE_CAPABILITIES:-} ]]; then
+    /usr/local/bin/sloptrap-helperd &
+    helper_pid=$!
+  fi
+  exec runuser -u sloptrap --preserve-environment -- "$@"
+fi
+
+exec "$@"