mirror of
https://github.com/Start9Labs/start-os.git
synced 2026-03-26 02:11:53 +00:00
2aa910a3e8
After setuid, the kernel clears the dumpable flag, making /proc/self/
entries owned by root. This broke open("/dev/stderr") for non-root
users inside subcontainers. The previous fix (chowning /proc/self/fd/*)
was dangerous because it chowned whatever file the FD pointed to (could
be the journal socket).
The proper fix is prctl(PR_SET_DUMPABLE, 1) after setuid, which restores
/proc/self/ ownership to the current uid.
Additionally, adds a `pipe-wrap` subcommand that wraps a child process
with piped stdout/stderr, relaying to the original FDs. This ensures all
descendants inherit pipes (which support re-opening via /proc/self/fd/N)
even when the outermost FDs are journal sockets. container-runtime.service
now uses this wrapper.
With pipe-wrap guaranteeing pipe-based FDs, the exec and launch non-TTY
paths no longer need their own pipe+relay threads, eliminating the bug
where exec would hang when a child daemonized (e.g. pg_ctl start).
StartOS Backend
- Requirements:
- Install Rust
- Recommended: rust-analyzer
- Docker
Structure
startos: This contains the core library for StartOS that supports buildingstartbox.helpers: This contains utility functions used across bothstartosandjs-enginemodels: This contains types that are shared acrossstartos,js-engine, andhelpers
Artifacts
The StartOS backend is packed into a single binary startbox that is symlinked under
several different names for different behavior:
startd: This is the main daemon of StartOSstart-cli: This is a CLI tool that will allow you to issue commands tostartdand control it similarly to the UIstart-sdk: This is a CLI tool that aids in building and packaging services you wish to deploy to StartOS
Documentation
- ARCHITECTURE.md — Backend architecture, modules, and patterns
- CONTRIBUTING.md — How to contribute to core