Skip to content

Commit

Permalink
Merge main/resolve conflicts
Browse files Browse the repository at this point in the history
  • Loading branch information
marcua committed Jan 20, 2025
2 parents 010d218 + 86d990e commit 86a14fa
Show file tree
Hide file tree
Showing 4 changed files with 31 additions and 6 deletions.
3 changes: 2 additions & 1 deletion src/error.rs
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,12 @@ pub enum AybError {
CantSetOwnerPermissions { message: String },
DurationParseError { message: String },
NoWriteAccessError { message: String },
QueryError { message: String },
RecordNotFound { id: String, record_type: String },
S3ExecutionError { message: String },
S3ConnectionError { message: String },
SnapshotError { message: String },
SnapshotDoesNotExistError,
RecordNotFound { id: String, record_type: String },
Other { message: String },
}

Expand Down
20 changes: 15 additions & 5 deletions src/hosted_db/sqlite.rs
Original file line number Diff line number Diff line change
Expand Up @@ -89,12 +89,22 @@ pub async fn potentially_isolated_sqlite_query(
if let Some(isolation) = isolation {
let result =
run_in_sandbox(Path::new(&isolation.nsjail_path), path, query, query_mode).await?;

if !result.stderr.is_empty() {
let error: AybError = serde_json::from_str(&result.stderr)?;
return Err(error);
let error: Result<AybError, _> = serde_json::from_str(&result.stderr);
// If the error could be deserialized into an AybError,
// return that. Otherwise, create a more generic AybError
// to at least surface an issue.
return match error {
Ok(error) => Err(error),
Err(_error) => Err(AybError::QueryError {
message: format!(
"Error message from sandboxed query runner: {}",
result.stderr
),
}),
};
} else if result.status != 0 {
return Err(AybError::Other {
return Err(AybError::QueryError {
message: format!(
"Error status from sandboxed query runner: {}",
result.status
Expand All @@ -104,7 +114,7 @@ pub async fn potentially_isolated_sqlite_query(
let query_result: QueryResult = serde_json::from_str(&result.stdout)?;
return Ok(query_result);
} else {
return Err(AybError::Other {
return Err(AybError::QueryError {
message: "No results from sandboxed query runner".to_string(),
});
}
Expand Down
8 changes: 8 additions & 0 deletions tests/run_localstack.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
#!/bin/bash

localstack stop
echo "#!/bin/bash" > tests/localstack_init.sh
echo "awslocal s3 mb s3://bucket" >> tests/localstack_init.sh
chmod +x tests/localstack_init.sh
SCRIPT_PATH=$(realpath "tests/localstack_init.sh")
DOCKER_FLAGS="-v ${SCRIPT_PATH}:/etc/localstack/init/ready.d/init-aws.sh" localstack start -d --network ls
6 changes: 6 additions & 0 deletions tests/set_up_e2e_env.sh
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,15 @@ source tests/test-env/bin/activate || python3 -m venv tests/test-env && source t
# Install requirements
pip install aiosmtpd awscli localstack

# Start LocalStack
tests/run_localstack.sh

# Build and install nsjail
# On Ubuntu, assumes these requirements: sudo apt-get install -y libprotobuf-dev protobuf-compiler libnl-route-3-dev
scripts/build_nsjail.sh
mv nsjail tests/

# Starting with Ubuntu 24.x, nsjail won't run with default permissions
# (https://github.com/google/nsjail/issues/236).
sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

0 comments on commit 86a14fa

Please sign in to comment.