Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DOCS-2705: Add username and env attributes for processes #3649
DOCS-2705: Add username and env attributes for processes #3649
Changes from 2 commits
0b4671e
63f0518
7711368
adb1555
37ec0df
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@zaporter-work I was not able to confirm that the
username
attribute does anything. My assumption is that it would allow us to run the process as a user?On my pi I added a process with this config:
and this little python program:
I can't see anytihng printed at all and what gets raised always indicates that the process runs as
root
.Does
username
do somethign else?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you so much for testing this!
I have just confirmed that with the newest RDK, this now works.
A slightly easier way to test that this works is via the
whoami
command:There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@zaporter-work could you confirm for me how the config for a machine reaches the machine? That's all e2e encrypted right? I think we should probably mention that here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Talked offline -- this is not e2e encrypted. The config is encrypted in transit, but is not encrypted at rest (on the robot or in our db).
That implies that you should exercise some caution when putting api keys in here as you are trusting the security of the viam database and viam employees.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems better down here +1