From e838237fc5c0f318cfae5b3fb2320215a61b4d36 Mon Sep 17 00:00:00 2001
From: "Alexander, Michael"
Date: Wed, 4 Dec 2024 16:27:08 -0500
Subject: [PATCH 1/2] Fix sudo usage. Sudo is being used directly all over the place, which doesn't work when the user is already root. Add a SUDO and SUDO_W_ENV variable that evaluates to the equivalent sudo command, but is blanked when running as root. Also add a sudo and sudo_w_env alias that map to a fake-root function that just runs the command passed without any sudo call, so any attempted use of sudo by python scripts triggered from the cmd-* scripts won't actually use sudo when running as root.
---
 src/cmd-fetch | 4 ++--
 src/cmd-init | 2 +-
 src/cmdlib.sh | 32 ++++++++++++++++++++++++++------
 3 files changed, 29 insertions(+), 9 deletions(-)
diff --git a/src/cmd-fetch b/src/cmd-fetch
index 165829b7c4..4aae2d0d75 100755
--- a/src/cmd-fetch
+++ b/src/cmd-fetch
@@ -8,12 +8,12 @@ dn=$(dirname "$0")
 FILE=cache/pkgcache-repo
 if [ -d "${FILE}" ]
 then
- pkgcachesize=$(sudo du --bytes --max-depth 0 "${FILE}" \
+ pkgcachesize=$(${SUDO} du --bytes --max-depth 0 "${FILE}" \
 | awk '{print $1; exit}')
 pkglimit=$((1024 * 1024 * 1024 * 5))
 if [[ "${pkgcachesize}" -gt "${pkglimit}" ]]
 then
- sudo cosa prune --pkgcache
+ ${SUDO} cosa prune --pkgcache
 fi
 fi
diff --git a/src/cmd-init b/src/cmd-init
index 7e1fcb9a00..ead10c4867 100755
--- a/src/cmd-init
+++ b/src/cmd-init
@@ -147,7 +147,7 @@ source=$1; shift
 preflight
 if has_privileges; then
- sudo chown "$USER:" .
+ ${SUDO} chown "$USER:" .
 elif [ ! -w . ]; then
 fatal "init: running unprivileged, and current directory not writable"
 fi
diff --git a/src/cmdlib.sh b/src/cmdlib.sh
index f83ae98a4c..a0246635e7 100755
--- a/src/cmdlib.sh
+++ b/src/cmdlib.sh
@@ -5,6 +5,26 @@ set -euo pipefail
 DIR=$(dirname "$(realpath "${BASH_SOURCE[0]}")")
 RFC3339="%Y-%m-%dT%H:%M:%SZ"
+# Fix 'sudo' in case we're running as root
+if [ "$(id -u)" != "0" ]; then
+ export SUDO=sudo
+ export SUDO_W_ENV=sudo -E
+ # always provide the sudo_w_env alias so python scripts can be sure it always exists
+ alias sudo_w_env='sudo -E'
+else
+ export SUDO=
+ export SUDO_W_ENV=
+ fake-sudo() {
+ set -e
+ $*
+ }
+ export -f fake-sudo
+ # Spoof 'sudo' in the environment to go to our wrapper that does nothing instead, including a sudo_w_env that drops the -E options as well.
+ # Python code doesn't use the ${SUDO} or ${SUDO_W_ENV} variables, so this forces them to the right thing when hardcoding the subprocess commands.
+ alias sudo='fake-sudo'
+ alias sudo_w_env='fake-sudo'
+fi
+
 info() {
 echo "info: $*" 1>&2
 }
@@ -113,9 +133,9 @@ preflight_kvm() {
 if ! has_privileges; then
 fatal "running unprivileged, and /dev/kvm not writable"
 else
- sudo rm -f /dev/kvm
- sudo mknod /dev/kvm c 10 232
- sudo setfacl -m u:"$USER":rw /dev/kvm
+ ${SUDO} rm -f /dev/kvm
+ ${SUDO} mknod /dev/kvm c 10 232
+ ${SUDO} setfacl -m u:"$USER":rw /dev/kvm
 fi
 fi
 fi
@@ -567,10 +587,10 @@ runcompose_tree() {
 set - "$@" --repo "${repo}" --write-composejson-to "${composejson}"
 # we hardcode a umask of 0022 here to make sure that composes are run
 # with a consistent value, regardless of the environment
- (umask 0022 && sudo -E "$@")
- sudo chown -R -h "${USER}":"${USER}" "${tmprepo}"
+ (umask 0022 && ${SUDO_W_ENV} -E "$@")
+ ${SUDO} chown -R -h "${USER}":"${USER}" "${tmprepo}"
 if [ -f "${composejson}" ]; then
- sudo chown "${USER}":"${USER}" "${composejson}"
+ ${SUDO} chown "${USER}":"${USER}" "${composejson}"
 fi
 else
 runvm_with_cache -- "$@" --repo "${repo}" --write-composejson-to "${composejson}"
From 1bbc89e4c7b1e5830b967d07896a05b58ce188ef Mon Sep 17 00:00:00 2001
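Review bot: In the non-root branch of the first cmdlib.sh hunk, `export SUDO_W_ENV=sudo -E` is unquoted, so `export` receives `-E` as a separate argument instead of as part of the value; with the `set -euo pipefail` shown in the hunk header, that failed export would probably abort every script that sources cmdlib.sh as a non-root user. It should read `export SUDO_W_ENV="sudo -E"`. The aliases also look ineffective for the purpose the commit message gives: bash expands aliases in a script only after `shopt -s expand_aliases`, and an alias is never visible to a child process, so a Python `subprocess` call that hardcodes `sudo` still resolves the real binary. If the intent is that nothing started from these scripts escalates when already root, that has to be enforced where the child resolves `sudo` or by passing the prefix to the Python callers, and a comment here should say which one is relied on.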
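Review bot: In the runcompose_tree hunk, `${SUDO_W_ENV} -E "$@"` keeps the literal `-E` after the variable, so when running as root (SUDO_W_ENV empty) the subshell tries to execute a command named `-E`, which is exactly the case this commit sets out to fix. For non-root users `-E` is passed twice once SUDO_W_ENV holds `sudo -E` as intended. The line should be `(umask 0022 && ${SUDO_W_ENV} "$@")`. runcompose_tree starts and ends outside the hunk, so the condition guarding this privileged branch is not visible here.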
From: "Alexander, Michael"
Date: Wed, 4 Dec 2024 17:29:32 -0500
Subject: [PATCH 2/2] Fix shellcheck error
---
 src/cmdlib.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/cmdlib.sh b/src/cmdlib.sh
index a0246635e7..32009fb69c 100755
--- a/src/cmdlib.sh
+++ b/src/cmdlib.sh
@@ -15,8 +15,9 @@ else
 export SUDO=
 export SUDO_W_ENV=
 fake-sudo() {
+ # pass thru the exit code implicitly
 set -e
- $*
+ "$@"
 }
 export -f fake-sudo
 # Spoof 'sudo' in the environment to go to our wrapper that does nothing instead, including a sudo_w_env that drops the -E options as well.
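Review bot: The `set -e` kept inside fake-sudo is not scoped to the function: it switches errexit on in whichever shell calls it, including a child bash that picked the function up through `export -f`, and it is not what passes the exit code through, since a function already returns the status of its last command. The body can be just `"$@"`, with the comment reworded to `# returns the exit status of the wrapped command`. Separately, fake-sudo runs its arguments verbatim, so a caller that writes `sudo -E cmd` would have `-E` executed as the command name; presumably callers are expected to use `sudo_w_env` for that, which deserves a comment next to the aliases. The enclosing if/else begins before and ends after this hunk.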