
refactor: remove the dormant slot privilege seam (hal0-slotctl + euid routing)#954

Merged
thinmintdev merged 2 commits into
mainfrom
refactor/drop-slotctl-privilege-seam
Jun 23, 2026

Conversation

@thinmintdev

Contributor

Summary

Follow-up to #953 (hardened mode removed). Now that hal0-api always runs as root, the slot privilege seam that existed solely to let an unprivileged daemon write per-slot units + run systemctl is dead code. This removes it — behavior-preserving, since the kept path is exactly the euid == 0 (root) branch that already ran in production.

Removed

  • ContainerProvider._privileged() and the two if os.geteuid() == 0 … else <sudo -n hal0-slotctl …> branches in container.py (kept the root branch; dropped the _HAL0_SLOTCTL constant).
  • The hal0-slotctl wrapper (installer/wrappers/hal0-slotctl) + its sudoers grant (packaging/sudoers/hal0-slotctl) + the install.sh block that wrote them — replaced with an upgrade cleanup that deletes any stale copies left by an older hardened install.
  • The sudo -n fallback in installer.py:_privileged_systemctl_argv (same dormant euid pattern; comfyui restart now goes direct).
  • The obsolete seam test (tests/providers/test_container_privileged_seam.py) and the conftest.py autouse geteuid==0 fixture (no longer needed — container.py never calls geteuid now).

Kept (intentionally)

  • src/hal0/install/perms.py — still used by hal0 doctor to audit root-only + agent (#843) ownership. Its stale "seam is the prerequisite" docstring is updated; its now-unwired non-root branches are left as a candidate for a later cleanup alongside doctor.
  • The agent env seam (hal0-agentenv, run-as-hal0.sh) — agents/Hermes still run as hal0, so this stays.

Verification

  • 289 targeted tests pass (tests/providers + tests/install/test_perms.py + tests/api/test_installer_routes.py).
  • ruff check + ruff format --check clean; bash -n installer/install.sh clean.
  • Net −314 lines.

Test plan

  • CI green.
  • On a root-mode box, slot load/unload still writes the unit + daemon-reload/restart directly (unchanged path).
  • Upgrading a previously-hardened box removes the stale hal0-slotctl + /etc/sudoers.d/hal0-slotctl.

🤖 Generated with Claude Code
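The upgrade cleanup and the doctor-style audit described above, as an added example that is not the hal0 project's own installer code. It is parameterised on a root prefix so it can be exercised against a scratch directory; the wrapper's install location (`usr/local/bin/hal0-slotctl`) and the function names are assumptions, while the sudoers.d path comes from the PR.

```shell
#!/bin/sh
# Added example (not hal0 code): idempotent removal of the stale hal0-slotctl
# seam left by an older hardened install, plus an audit that reports whether
# any sudoers fragment under the prefix still grants the wrapper.

# Assumed install path of the wrapper (the PR only names its source path).
HAL0_SLOTCTL_BIN="usr/local/bin/hal0-slotctl"
# Sudoers fragment named in the PR's test plan.
HAL0_SLOTCTL_SUDOERS="etc/sudoers.d/hal0-slotctl"

# Remove leftovers from a previously hardened box. Prints the number of
# files removed; re-running on a clean box removes nothing and prints 0.
hal0_remove_stale_slotctl() {
    prefix="${1:-/}"
    removed=0
    for rel in "$HAL0_SLOTCTL_SUDOERS" "$HAL0_SLOTCTL_BIN"; do
        path="${prefix%/}/$rel"
        if [ -e "$path" ]; then
            rm -f "$path"
            removed=$((removed + 1))
        fi
    done
    echo "$removed"
}

# Audit helper in the spirit of 'hal0 doctor': succeed (0) if some fragment in
# etc/sudoers.d still mentions hal0-slotctl, fail (1) when none does. A grant
# that outlives the root-mode daemon is exactly what the cleanup must catch.
hal0_slotctl_grant_present() {
    prefix="${1:-/}"
    dir="${prefix%/}/etc/sudoers.d"
    [ -d "$dir" ] || return 1
    # -s silences the "no such file" case when the directory is empty.
    grep -qs 'hal0-slotctl' "$dir"/* 2>/dev/null
}
```

Run `hal0_remove_stale_slotctl /` as root during upgrade, then `hal0_slotctl_grant_present /` should fail, which is the post-cleanup state the test plan expects.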

thinmintdev and others added 2 commits June 23, 2026 00:06
… routing)

Follow-up to #953 (hardened mode removed). With hal0-api always root, the slot privilege seam is dead code. Removes: ContainerProvider._privileged() + the two euid!=0 branches (the root path is unchanged — behavior-preserving), the hal0-slotctl wrapper + sudoers + their install.sh writes (replaced with an upgrade cleanup that deletes any stale copies), the installer-route _privileged_systemctl_argv sudo fallback, and the now-obsolete seam test + conftest euid fixture.

Kept: src/hal0/install/perms.py (still used by 'hal0 doctor' for root-only + agent ownership auditing; stale seam doc updated) and the agent env seam (hal0-agentenv / run-as-hal0.sh — agents still run as hal0). perms.py's non-root branches are now unwired — a candidate for a later cleanup alongside doctor.

289 targeted tests pass (providers + perms + installer routes); ruff + bash -n clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@thinmintdev thinmintdev merged commit f4a8638 into main Jun 23, 2026
3 checks passed
bogdan-d pushed a commit to bogdan-d/hal0 that referenced this pull request Jun 23, 2026
Bump version 0.8.0-beta.3 -> 0.8.1-beta.1 and add the CHANGELOG entry for the
installer/privilege simplification (Hal0ai#953, Hal0ai#954) + Hermes durable memory on by
default (Hal0ai#955: private:hermes + shared banks, agent-id hermes).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@thinmintdev thinmintdev deleted the refactor/drop-slotctl-privilege-seam branch June 23, 2026 21:54