From ca50c6ce65ab15a5ab26ba0c9cc3167000569209 Mon Sep 17 00:00:00 2001
From: Tha14
Date: Sun, 15 Jan 2023 22:17:15 +0200
Subject: [PATCH] fix: swarm net privileges, make wondershaper toggleable
---
 uam-swarm/docker-compose.yml | 15 ++++++++++++---
 uam-swarm/entrypoint.sh | 6 ++++--
 uam/docker-compose.yml | 3 ++-
 uam/entrypoint.sh | 6 ++++--
 4 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/uam-swarm/docker-compose.yml b/uam-swarm/docker-compose.yml
index 3dabc41..abd117c 100644
--- a/uam-swarm/docker-compose.yml
+++ b/uam-swarm/docker-compose.yml
@@ -12,16 +12,19 @@ services:
 memlock: -1
 oom_score_adj: -700
 mem_swappiness: 10
+ cap_add:
+ - NET_ADMIN
 volumes:
 - "./entrypoint.sh:/opt/entrypoint.sh"
 - "/opt/uam_data/uam_1:/root/.uam"
- command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN}"
+ command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN} $${ENABLE_WONDERSHAPER}"
 ports:
 - "127.0.0.1:17100:17099"
 - "4160:4160"
 environment:
 - PBKEY=${PBKEY?err}
 - PPORT=4160
+ - ENABLE_WONDERSHAPER=true
 - NETLIMUP=10000
 - NETLIMDOWN=18000
@@ -36,16 +39,19 @@ services:
 memlock: -1
 oom_score_adj: -700
 mem_swappiness: 10
+ cap_add:
+ - NET_ADMIN
 volumes:
 - "./entrypoint.sh:/opt/entrypoint.sh"
 - "/opt/uam_data/uam_2:/root/.uam"
- command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN}"
+ command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN} $${ENABLE_WONDERSHAPER}"
 ports:
 - "127.0.0.1:17101:17099"
 - "4161:4161"
 environment:
 - PBKEY=${PBKEY?err}
 - PPORT=4161
+ - ENABLE_WONDERSHAPER=true
 - NETLIMUP=10000
 - NETLIMDOWN=18000
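Review bot: `cap_add: NET_ADMIN` is granted to the service unconditionally, although the only consumer visible in this patch is the `wondershaper` call that the same commit makes optional. With `ENABLE_WONDERSHAPER` set to anything other than `true`, the container still holds a capability that lets its processes change interfaces, routes and packet-filter rules inside its network namespace. I would tie the two settings together with a comment above the key, e.g. `# NET_ADMIN is required only by wondershaper (tc); drop it when ENABLE_WONDERSHAPER is not "true"`. The same applies to the `cap_add` additions in the hunks at -36,16 and -60,15.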
@@ -60,15 +66,18 @@ services:
 memlock: -1
 oom_score_adj: -700
 mem_swappiness: 10
+ cap_add:
+ - NET_ADMIN
 volumes:
 - "./entrypoint.sh:/opt/entrypoint.sh"
 - "/opt/uam_data/uam_3:/root/.uam"
- command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN}"
+ command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN} $${ENABLE_WONDERSHAPER}"
 ports:
 - "127.0.0.1:17102:17099"
 - "4162:4162"
 environment:
 - PBKEY=${PBKEY?err}
 - PPORT=4162
+ - ENABLE_WONDERSHAPER=true
 - NETLIMUP=10000
 - NETLIMDOWN=18000
diff --git a/uam-swarm/entrypoint.sh b/uam-swarm/entrypoint.sh
index d75fdce..163e462 100755
--- a/uam-swarm/entrypoint.sh
+++ b/uam-swarm/entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 cd /tmp
 apt update && apt -yq install wget libglib2.0-0 ca-certificates dnsmasq wondershaper
 update-ca-certificates
@@ -8,5 +8,7 @@ cd /opt/uam/
 echo "[net]" >> /root/.uam/uam.ini
 container_ip="$(hostname -i)"
 echo "listens=[${container_ip}]:$2" >> /root/.uam/uam.ini
-wondershaper eth0 $3 $4 &
+if [[ "$5" == "true" ]]; then
+ wondershaper eth0 $3 $4 &
+fi
 ./uam --pk $1 --http [0.0.0.0]:17099 --no-ui
diff --git a/uam/docker-compose.yml b/uam/docker-compose.yml
index 6e33270..5de6487 100644
--- a/uam/docker-compose.yml
+++ b/uam/docker-compose.yml
@@ -17,11 +17,12 @@ services:
 volumes:
 - "./entrypoint.sh:/opt/entrypoint.sh"
 - "/opt/uam_data:/root/.uam"
- command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${NETLIMUP} $${NETLIMDOWN}"
+ command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${NETLIMUP} $${NETLIMDOWN} $${ENABLE_WONDERSHAPER}"
 ports:
 - "127.0.0.1:17099:17099"
 - "4156:4156"
 environment:
 - PBKEY=${PBKEY?err}
+ - ENABLE_WONDERSHAPER=true
 - NETLIMUP=10000
 - NETLIMDOWN=18000
diff --git a/uam/entrypoint.sh b/uam/entrypoint.sh
index 7bc40e0..03bc568 100755
--- a/uam/entrypoint.sh
+++ b/uam/entrypoint.sh
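Review bot: The shebang of uam-swarm/entrypoint.sh moves to `/bin/bash` only so that the later hunk can use `[[ … == … ]]`. The test has a POSIX spelling, `if [ "$5" = "true" ]; then`, which would let the script stay on `/bin/sh` and not depend on bash being in the image. The image is not visible in this patch, so bash being present is an assumption (the `apt` calls suggest a Debian-family base). uam/entrypoint.sh makes the same shebang change.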
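Review bot: Inside the new `if`, `wondershaper eth0 $3 $4 &` keeps the limits unquoted and backgrounded. An empty or malformed NETLIMUP/NETLIMDOWN, or a container started without NET_ADMIN, would presumably make it fail while `./uam` still starts with no bandwidth limit. Quoting the arguments and reporting the failure makes that visible: `wondershaper eth0 "$3" "$4" || echo "wondershaper failed; no bandwidth limit applied" >&2` (keep it in a backgrounded subshell if the `&` is needed). The comparison also treats every value except the exact string `true` as off, which deserves a comment such as `# shaping runs only when the 5th argument is exactly "true"`. The second hunk of uam/entrypoint.sh has the same lines with `$2 $3` and `$4`.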
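Review bot: `$${ENABLE_WONDERSHAPER}` is appended to `command:` as one more unquoted positional argument, so the script's `$4` is the toggle only while every earlier variable expands to exactly one word. If NETLIMUP or NETLIMDOWN is blank the remaining values shift left, `true` is read as a rate and the toggle arrives empty, which silently disables shaping. The variables are set in this service's `environment:`, so entrypoint.sh could test `"$ENABLE_WONDERSHAPER"` directly and the command line would not need to grow. The three `command:` lines in uam-swarm/docker-compose.yml follow the same pattern with `$5`.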
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 cd /tmp
 apt update && apt -yq install wget libglib2.0-0 ca-certificates dnsmasq wondershaper
 update-ca-certificates
@@ -8,5 +8,7 @@ cd /opt/uam/
 echo "[net]" >> /root/.uam/uam.ini
 container_ip="$(hostname -i)"
 echo "listens=[${container_ip}]:4156" >> /root/.uam/uam.ini
-wondershaper eth0 $2 $3 &
+if [[ "$4" == "true" ]]; then
+ wondershaper eth0 $2 $3 &
+fi
 ./uam --pk $1 --http [0.0.0.0]:17099 --no-ui