fix(exegol): per-engagement container + workspace location + host-editable ACLs#11
Merged
Conversation
…120s hang dotsec new now CREATES the Exegol container instead of waiting on a non-existent shared 'exegol' one. Each engagement gets exegol-<target> via 'exegol start <target> free -w <ws> --accept-eula </dev/null' (non-interactive, my-resources deployed, engagement workspace mounted at /workspace; the auto-attach fails cleanly leaving it detached). tmux_spawn skips fast when the container is absent instead of looping 120s. Container name centralised in __exegol_name (EXEGOL_CONTAINER still overrides). stop/rm act on exegol-<target>; load_cmd sources /workspace/.env.
…g exegol containers
A path-like 2nd positional (., .., /dir, ./dir, ~/dir) sets where the workspace is created (dotsec new swiss_post .); resolved to an absolute path for Docker mounts. dotsec also lays default POSIX ACLs on the workspace so files the root Exegol/proxy containers create stay editable from the host (your user keeps rwx by inheritance), instead of being root-owned.
…running container __dotsec_load_global no longer scans for a running exegol-* and forces EXEGOL_CONTAINER: with per-engagement containers that pinned 'dotsec new X' to whatever exegol-* happened to be up. Name now comes from __exegol_name (exegol-<target>); EXEGOL_CONTAINER only set if the user forces it.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
dotsec newnow CREATES a per-engagement Exegol container (exegol-<target>) non-interactively (exegol start <t> free -w <ws> --accept-eula), my-resources deployed, engagement workspace mounted at/workspace. No more 120s hang waiting on a non-existent shared container.dotsec new <target> <path>— a path-like 2nd positional (.,/dir,~/dir) sets where the workspace is created (resolved absolute).__dotsec_load_globalthat pinned every engagement to whateverexegol-*was running.Test plan
make test(70 bats) +make lintdotsec new probe <path>→exegol-probecreated,/workspacemounted, my-resources present, root-created files editable from host, workspace at the chosen path