feat: systemd unit acties via podman-helper Unix socket
start/stop/restart van systemd units gaan nu via de host-helper
(/run/podman-helper.sock) in plaats van directe systemctl subprocess
vanuit de container. Hiermee wordt de user namespace isolatie omzeild
die D-Bus calls vanuit de container onbetrouwbaar maakt.
- common.py: _helper_call(action, unit) toegevoegd
- app_system.py: /{action}/{unit} route gebruikt helper voor start/stop/restart
- app_containers.py: container_action() gebruikt helper
- daemon-reload en is-active blijven subprocess (read-only, werkt al)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -13,6 +13,7 @@ from fastapi import APIRouter, HTTPException
|
||||
from fastapi.responses import StreamingResponse
|
||||
from pydantic import BaseModel, Field
|
||||
from common import (
|
||||
_helper_call,
|
||||
_map_pod_to_unit,
|
||||
_podman_action_post,
|
||||
_podman_get_json,
|
||||
@@ -563,7 +564,7 @@ def init_containers_router(
|
||||
|
||||
def _systemd_call():
|
||||
if name in defined:
|
||||
code, out = systemctl_func(["systemctl", "--user", action, name])
|
||||
code, out = _helper_call(action, f"{name}.service")
|
||||
_sys["code"] = code
|
||||
_sys["out"] = out
|
||||
if code == 0:
|
||||
|
||||
Reference in New Issue
Block a user