|
Implement the sudo hardening plan so mage itself never runs as root.
Changes:
- Remove implicit sudo wrapping for go test (buildGoTestCmd, progress
ticker, drainTestEvents helpers removed).
- Add compileIntegrationTestBinary() + runIntegrationTestBinary() helpers.
The integration test binary is compiled unprivileged, then executed
under sudo -n -E from the integrationtests/ directory so relative paths
(../ior, ../ioworkload) resolve correctly.
- Harden sudoOutput() to prefix with sudo -n.
- Harden sudoRunWithEnv() to prefix with sudo -n env ...
- Update docs/sudo-hardening-plan.md and docs/sudo-rules-for-ior.txt
to document the working approach (sudo -n -E with SETENV flag).
|
