<tannercollin>
The server's Debian 8.4. It's running inside a Docker container along with Wordpress running on Apache and Mysql.
<tannercollin>
it was working perfectly, then i decided to change something in wordpress's wp-config file, and after i restarted apache, mysql, and sandstorm... sandstorm would not work.
<dwrensha>
"Invalid cross-device link" seems to indicate filesystem shenanigans
<dwrensha>
I wonder if docker's union filesystem is somehow causing problems
<dwrensha>
sandstorm sets up its own mount namespace... maybe that interacts weirdly with Docker
<dwrensha>
... but I'm just taking stabs in the dark here
<asheesh>
Yeah - tannercollin , can you share your Dockerfile?
<tannercollin>
hmmmm that could be it. is there anything i should check?
<dwrensha>
when I do `ls -l /opt/sandstorm/var/sandstorm/` I see that the `tmp` directory is "drwxrwx--T"
<tannercollin>
asheesh: unfortunately i used a pretty basic Dockerfile to set me up with a Debian container, and then manually installed apache, mysql, wordpress, and sandstorm
<asheesh>
You should typically use a Docker Data Volume so that /opt/sandstorm is not in the unionfs.
<asheesh>
But there is hope involving this data volume thing.
<asheesh>
"Mount a host directory as a data volume" this is what I'd suggest in that doc.
<asheesh>
I can try to ask a Docker-minded friend how to do that.
<asheesh>
It might take me a day to figure that out, and we might need your help to test things.
<dwrensha>
I do vaguely remember people have success with sandstorm in docker previously, and I don't remember this issue ever coming up
<tannercollin>
yeah, it worked well for the longest time
<dwrensha>
like, didn't jparyani run the tests in docker at one point?
<asheesh>
There's some new seccomp stuff fwiw, but other than that I don't know what would have changed.
<asheesh>
Hmm.
<tannercollin>
so right now, i don't use any of docker's volumes or anything except for "-v /etc/localtime:/etc/localtime:ro"
<tannercollin>
and this problem cropped up on monday
<asheesh>
If you can copy your /opt/sandstorm out into (what I would call) the host operating system, and use a docker volume to map it back in, that might help you.
<asheesh>
I should say - if you can *move* the /opt/sandstorm
<asheesh>
dwrensha: Yeah - jparyani was running tests in Docker, though eventually we stopped doing that, and he even removed the Dockerfile to indicate that we aren't good at supporting it.
<dwrensha>
asheesh: I'm curious about why you seem so confident that the installer won't work
<asheesh>
tannercollin: If you can file a GitHub issue about this, we can try to be responsive there and track the situation there. That's probably the best thing.
<dwrensha>
I guess enough people have failed trying and complained about it?
<tannercollin>
i'm just not sure if this is a problem with sandstorm, or my screw up
<dwrensha>
I wonder if it would be possible to poke around on the command line with `unshare` and `mv` to hit the same problem
<asheesh>
dwrensha: When jessiefrazelle and others and I were chatting recently, I learned there's some seccomp stuff in Docker that might interact poorly? That's sort of all I know.
<dwrensha>
could try strace, though if I remember correctly strace sometimes produces confusing output when seccomp is intercepting calls
<asheesh>
If you can investigate more dwrensha I'd be grateful! I'm at a talk and can't dig into it this in any depth right now.
<Lord>
Pasting sandstorm url on irc is quite a pita
jadewang_ has quit [Remote host closed the connection]
raoulzecat has quit [Ping timeout: 246 seconds]
ecloud has quit [Ping timeout: 244 seconds]
ecloud has joined #sandstorm
Salt has quit [Ping timeout: 246 seconds]
jemc has quit [Ping timeout: 250 seconds]
pdurbin has quit [Ping timeout: 276 seconds]
raoulzecat has joined #sandstorm
ocdtrekkie has quit [Ping timeout: 276 seconds]
aldeka has quit [Ping timeout: 276 seconds]
Salt has joined #sandstorm
pdurbin has joined #sandstorm
ocdtrekkie has joined #sandstorm
aldeka has joined #sandstorm
au_ is now known as au
halindrome has quit [Ping timeout: 244 seconds]
halindrome has joined #sandstorm
aldeka has quit [Remote host closed the connection]
ocdtrekkie has quit [Remote host closed the connection]
ocdtrekkie has joined #sandstorm
aldeka has joined #sandstorm
raoulzecat has quit [Ping timeout: 260 seconds]
frankier has joined #sandstorm
raoulzecat has joined #sandstorm
aundro has quit [Quit: Leaving]
raoulzecat has quit [Ping timeout: 260 seconds]
aundro has joined #sandstorm
amyers has joined #sandstorm
rgrinberg has joined #sandstorm
rgrinberg has quit [Quit: WeeChat 1.5]
rgrinberg has joined #sandstorm
raoulzecat has joined #sandstorm
jemc has joined #sandstorm
DanC__ has quit [Ping timeout: 240 seconds]
DanC__ has joined #sandstorm
amyers has quit [Remote host closed the connection]
amyers has joined #sandstorm
amyers has quit [Read error: Connection reset by peer]
amyers has joined #sandstorm
asmyers has joined #sandstorm
amyers has quit [Ping timeout: 252 seconds]
asmyers has quit [Read error: Connection reset by peer]
sandstormnewbie has joined #sandstorm
<sandstormnewbie>
hi!
<dwrensha>
sandstormnewbie: hi!
<sandstormnewbie>
is this a good place to ask newbie questions about sandstorm security?
<dwrensha>
yep
<sandstormnewbie>
would it be possible to create a secure email app as a sandstorm app?
<sandstormnewbie>
a bit like https://protonmail.com/ where the NSA cannot access / decrypt the emails?
ocdtrekkie has quit [Remote host closed the connection]
aldeka has quit [Remote host closed the connection]
<dwrensha>
We've had some discussions about such things...
ocdtrekkie has joined #sandstorm
aldeka has joined #sandstorm
<dwrensha>
I think one of the big obstacles is key management on the client side
jacksingleton has joined #sandstorm
amyers has joined #sandstorm
amyers has quit [Read error: Connection reset by peer]
amyers has joined #sandstorm
<sandstormnewbie>
where are the keys for the secure sandstorm 'grains' stored? on the client side or on the server side?
halindrome has quit [Ping timeout: 276 seconds]
halindrome has joined #sandstorm
<dwrensha>
does protonmail work in browser?
<sandstormnewbie>
AFAIK there are two keys in protonmail, one is used to login into protonmail system like a password but gives no access to the encrypted mails. And then there's the second key which never leaves the browser which gives access to the encrypted mails, doing the decrypting in the browser...
<sandstormnewbie>
so with the key never leaving the browser then you never have to worry about the server being compromised by a hacker, an employee, the NSA, etc...
<dwrensha>
Sandstorm currently does not encrypt grain storage at a platform level. An app could decide to use encryption, and then it'd be up to the app to decide where the keys exist
<sandstormnewbie>
ahhh.... so does the sandstorm platform help with security when faced with server-side hackers, rogue provide employees, or the NSA demanding access?
axx_ has quit [Ping timeout: 260 seconds]
<dwrensha>
if you have root shell access to the machine running the Sandstorm server, then yes you can read all of the data
<dwrensha>
but if you're running apps through Sandstorm, it's a lot harder for someone to use those apps to break in to get root shell access to your server
<dwrensha>
and I think that kentonv has some ideas about how in the future Sandstorm could in fact encrypt its grain data at a platform level
<kentonv>
yeah, eventually we'll implement fine-grained encryption such that every grain's storage is encrypted at rest in a way that only people who rightfully have access to that grain can decrypt -- though it will require that all such users have set an encryption passphrase on their accounts.
<sandstormnewbie>
in this future scenario would the key ever leave the client? and would all decryption be done on the client?
<dwrensha>
I think in general, apps would want to run server-side code on unecrypted data
<dwrensha>
but there would be nothing stopping an app from implementing its own encryption scheme that has the properties you want, I think
<jacksingleton>
sandstormnewbie note that even with client side encryption, an attacker that controls the server controls all the javascript running in the browser -- so historical data is somewhat protected but any users actively using the service can be quite easily compromised
* asheesh
waves to all the party people.
<jacksingleton>
o/
<sandstormnewbie>
I agree if the client *is* a browser... but it might not be a browser... :-)
frigginglorious has joined #sandstorm
jadewang has joined #sandstorm
myguidingstar has joined #sandstorm
frigginglorious_ has joined #sandstorm
frigginglorious has quit [Ping timeout: 244 seconds]
frigginglorious_ is now known as frigginglorious
frigginglorious has quit [Quit: frigginglorious]
frankier has quit [Ping timeout: 240 seconds]
Zarutian has joined #sandstorm
Zarutian_ has joined #sandstorm
Zarutian has quit [Read error: Connection reset by peer]
Zarutian_ is now known as Zarutian
aldeka has quit [Remote host closed the connection]
ocdtrekkie has quit [Remote host closed the connection]
aldeka has joined #sandstorm
ocdtrekkie has joined #sandstorm
frigginglorious has joined #sandstorm
digitalcircuit has joined #sandstorm
garrison has joined #sandstorm
garrison has quit [Client Quit]
garrison has joined #sandstorm
<garrison>
Some time in the past day, all entries have suddenly disappeared from the sandstorm-radicale calendar which was stored on oasis. Would it be possible to work with you to restore a recent backup?
<garrison>
*my sandstorm-radicale calendar
rgrinberg has quit [Ping timeout: 250 seconds]
frigginglorious has quit [Read error: Connection reset by peer]
<kentonv>
garrison: I'm sorry to hear that. We have backups, but it would be a lot of effort to restore a backup of one specific grain. I think the first step here is to see if this is some sort of display bug -- that is, the data is still there, but the app is failing to show it for some reason. That's generally much more common than data actually being lost.
<kentonv>
garrison: I'd start by taking a look at the debug log ("monitor" icon in the top bar) for any obvious errors, then perhaps downloading a backup of the grain and inspecting the content to see if it looks like the data is still there. If you're willing to share it with me, I'd be happy to look myself.
frigginglorious has joined #sandstorm
jacksingleton has quit [Ping timeout: 246 seconds]
jacksingleton has joined #sandstorm
rgrinberg has joined #sandstorm
frigginglorious has quit [Quit: frigginglorious]
amyers has quit [Ping timeout: 250 seconds]
<garrison>
kentonv: thanks for the note. there are no obvious errors in the debug log. the calendar file is in the grain, but it is truncated such that it only displays a few things i have added in the past few hours.
<garrison>
I am happy to share the current grain with you if you'd like to confirm yourself.
<kentonv>
ok, email me the grain ID (kenton@sandstorm.io) and I'll pull the data from backups later today
<garrison>
kentonv: that will be awesome, thanks so much. i assume that just means the thing after /grain/ in the url?
<kentonv>
yep
<kentonv>
also helpful if you can narrow down when the problem occurred so I don't pull a backup that's too late
<kentonv>
you have to make extensive use of Cap'n Proto RPC, which currently is best-supported in C++
<kentonv>
(with Rust a close second)
<asheesh>
And golang is somewhere in there, too.
<asheesh>
There are other things that might make sense as a way to decode "native", like "native mobile app" (compiled language) or "app that only runs on Sandstorm" (like Hacker Slides).
<cmr>
I meant in that second sense.
<kentonv>
ah, I misunderstood
<cmr>
I don't have an actual web app yet, but am designing one and intend to use Cap'n Proto RPC, with some web interface, and started looking into Sandstorm.
<kentonv>
well, "exclusive to sandstorm, but created using a traditional stack" and "exclusive to sandstorm, using the raw Sandstorm APIs" are different things. The former is more common than the latter.
<cmr>
I think I want to be looking at grain.capnp, is that right?
<zarvox>
Yes, IIRC, your app implements a UiView as the bootstrap capability on the FD passed in from the Sandstorm supervisor
<cmr>
Indeed I do, though I don't mind translating C++ manually ;)
jadewang has quit [Remote host closed the connection]
<zarvox>
I thought I'd seen that handle before on various rust-lang discussions :)
<cmr>
As an unrelated aside, me and eternaleye are slowly designing a cap OS (https://robigalia.org/) around Cap'n Proto, would this be a good place to bring up cap'n proto-level questions or discussions?
jadewang has joined #sandstorm
<kentonv>
yep!
<eternaleye>
o/
jemc has quit [Ping timeout: 260 seconds]
jemc has joined #sandstorm
isd has joined #sandstorm
jacksingleton has quit [Ping timeout: 265 seconds]