[Bug 1857036] Re: `sudo --login --user USERNAME` throws `setrlimit(RLIMIT_CORE): Operation not permitted` error when run inside a container.
Simon Déziel
1857036 at bugs.launchpad.net
Mon Jul 20 19:50:53 UTC 2020
Thanks Bryce for the PPA. I can confirm it does work:
# reproduce the problem:
root at sudo-sru-lp1857036-test:~# sudo true
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
# get the fix from the PPA:
root at sudo-sru-lp1857036-test:~# apt-add-repository -yus ppa:bryce/sudo-sru-lp1857036-setrlimit-in-lxc
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [107 kB]
Get:2 http://ppa.launchpad.net/bryce/sudo-sru-lp1857036-setrlimit-in-lxc/ubuntu focal InRelease [17.6 kB]
Hit:3 http://archive.ubuntu.com/ubuntu focal InRelease
Get:4 http://archive.ubuntu.com/ubuntu focal-updates InRelease [111 kB]
Get:5 http://ppa.launchpad.net/bryce/sudo-sru-lp1857036-setrlimit-in-lxc/ubuntu focal/main Sources [864 B]
Get:6 http://ppa.launchpad.net/bryce/sudo-sru-lp1857036-setrlimit-in-lxc/ubuntu focal/main amd64 Packages [756 B]
Get:7 http://ppa.launchpad.net/bryce/sudo-sru-lp1857036-setrlimit-in-lxc/ubuntu focal/main Translation-en [528 B]
Get:8 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [261 kB]
Get:9 http://archive.ubuntu.com/ubuntu focal-updates/main Translation-en [102 kB]
Get:10 http://archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [28.4 kB]
Get:11 http://archive.ubuntu.com/ubuntu focal-updates/restricted Translation-en [7,560 B]
Fetched 637 kB in 2s (389 kB/s)
Reading package lists... Done
root at sudo-sru-lp1857036-test:~# apt-get install -V sudo
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
sudo (1.8.31-1ubuntu1 => 1.8.31-1ubuntu2~focal1)
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,320 kB of archives.
After this operation, 1,849 kB of additional disk space will be used.
Get:1 http://ppa.launchpad.net/bryce/sudo-sru-lp1857036-setrlimit-in-lxc/ubuntu focal/main amd64 sudo amd64 1.8.31-1ubuntu2~focal1 [1,320 kB]
Fetched 1,320 kB in 3s (495 kB/s)
(Reading database ... 16712 files and directories currently installed.)
Preparing to unpack .../sudo_1.8.31-1ubuntu2~focal1_amd64.deb ...
Unpacking sudo (1.8.31-1ubuntu2~focal1) over (1.8.31-1ubuntu1) ...
Setting up sudo (1.8.31-1ubuntu2~focal1) ...
# confirm the fix:
root at sudo-sru-lp1857036-test:~# sudo true
root at sudo-sru-lp1857036-test:~#
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1857036
Title:
`sudo --login --user USERNAME` throws `setrlimit(RLIMIT_CORE):
Operation not permitted` error when run inside a container.
Status in sudo package in Ubuntu:
Fix Released
Status in sudo source package in Focal:
Fix Committed
Status in sudo source package in Groovy:
Fix Released
Bug description:
[Impact]
Logging in as a sudo user in a Ubuntu Focal Linux container displays a
warning:
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
The warning is entirely unnecessary - the container is trying to adjust
RLIMIT_CORE, but this isn't allowed inside a container anyway.
While this is "just" a warning, logging into a container as sudo is a
very common practice, so this warning risks creating confusion for LTS
users.
[Test Case]
$ lxc launch ubuntu:20.04/amd64 sudo-sru-lp1857036-test
$ lxc shell sudo-sru-lp1857036-test
# sudo --login --user ubuntu
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
$ logout
Install the PPA
# apt-add-repository -yus ppa:bryce/sudo-sru-lp1857036-setrlimit-in-lxc
# apt-get install sudo
# sudo --login --user ubuntu
$
[Regression Potential]
As this only affects printing of a couple warnings, the only behavioral
change is in stderr output.
[Discussion]
This changes a couple warnings into equivalent debug printfs, which
brings the sudo behavior in-line with the behavior in groovy, bionic,
etc. and should cause no troubles.
This patch originates from upstream, and is already in groovy's sudo
package (which thus can be seen not to exhibit the issue).
The upstream patch includes some new debug prints which should be
harmless but are unnecessary to the fix so they've been removed.
[Original Report]
When using `sudo --login --user USERNAME` with Ubuntu Focal currently, it will correctly operate but it will also throw the following error before continuing with the logon process (which completes successfully except for the stated error):
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
A full run of this was tested in a Focal LXD container after dropping
to a root shell to reproduce (arstotzka is the host system, focal-test
is the test container):
teward at arstotzka:~$ lxc shell focal-test
root at focal-test:~# sudo --login --user ubuntu
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
ubuntu at focal-test:~$
This appears to be similar to this issue identified on RedHat's
tracker: https://bugzilla.redhat.com/show_bug.cgi?id=1773148
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: sudo 1.8.29-1ubuntu1
ProcVersionSignature: Ubuntu 4.15.0-72.81-generic 4.15.18
Uname: Linux 4.15.0-72-generic x86_64
ApportVersion: 2.20.11-0ubuntu14
Architecture: amd64
Date: Thu Dec 19 17:16:31 2019
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: sudo
UpgradeStatus: No upgrade log present (probably fresh install)
VisudoCheck:
/etc/sudoers: parsed OK
/etc/sudoers.d/90-cloud-init-users: parsed OK
/etc/sudoers.d/README: parsed OK
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1857036/+subscriptions
More information about the foundations-bugs
mailing list