Using sudo from within a snap
Chris Wayne
chris.wayne at canonical.com
Tue Aug 16 13:53:41 UTC 2016
Is this something that could be added to the roadmap? We'd really prefer
to not have to call the snap itself with sudo as it creates some
permissions issues (root-owned dirs in $HOME for example) and some other
general flakiness. What would the sudo interface entail, just access to
/usr/bin/sudo and /etc/sudoers.d/snap.mountpoint?
On Mon, Aug 8, 2016 at 5:27 AM, Oliver Grawert <ogra at ubuntu.com> wrote:
> hi,
> Am Montag, den 08.08.2016, 09:36 +0200 schrieb Simon Fels:
> > On 06.08.2016 15:54, Chris Wayne wrote:
> > >
> > > Hi guys,
> > >
> > > I seem to be having some issues while running anything as sudo from
> > > within a
> > > snap (namely bug https://bugs.launchpad.net/ubuntu/+source/snapd/+b
> > > ug/1610292).
> > If you package sudo within your snap snapcraft will strip the
> > necessary
> > suid bit from it so it wont work anymore. Only way to use sudo is to
> > use
> > the one from the core snap.
> >
> how would you hook into /etc/sudoers (or /etc/sudoers.d/) ?
> snapd would have to install or bind-mount a sudoers file above the one
> from the core snap ... you also need to make sure that your user exists
> in the password db ... both gets very hairy in an all-snap image where
> the core snap is actually the rootfs (and both of the above files are
> required for having the system functional)
>
> i could imagine a sudo interface here (for the binary) and shipping a
> generic /etc/sudoers.d/snapd mountpoint in the core snap where
> snapd/snap-confine could bind-mount a shipped sudoers snippet, but that
> still leaves the passwd db issue open...
>
> ciao
> oli
> --
> Snapcraft mailing list
> Snapcraft at lists.snapcraft.io
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/snapcraft
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20160816/a6dfa5d5/attachment.html>
More information about the Snapcraft
mailing list