Using sudo from within a snap

Chris Wayne chris.wayne at canonical.com
Tue Aug 16 13:53:41 UTC 2016


Is this something that could be added to the roadmap?  We'd really prefer
to not have to call the snap itself with sudo as it creates some
permissions issues (root-owned dirs in $HOME for example) and some other
general flakiness.  What would the sudo interface entail, just access to
/usr/bin/sudo and /etc/sudoers.d/snap.mountpoint?

On Mon, Aug 8, 2016 at 5:27 AM, Oliver Grawert <ogra at ubuntu.com> wrote:

> hi,
> On Monday, 08.08.2016, at 09:36 +0200, Simon Fels wrote:
> > On 06.08.2016 15:54, Chris Wayne wrote:
> > >
> > > Hi guys,
> > >
> > > I seem to be having some issues while running anything as sudo from
> > > within a snap (namely bug
> > > https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1610292).
> > If you package sudo within your snap, snapcraft will strip the necessary
> > suid bit from it so it won't work anymore. Only way to use sudo is to use
> > the one from the core snap.
> >
> how would you hook into /etc/sudoers (or /etc/sudoers.d/) ?
> snapd would have to install or bind-mount a sudoers file above the one
> from the core snap ... you also need to make sure that your user exists
> in the password db ... both get very hairy in an all-snap image where
> the core snap is actually the rootfs (and both of the above files are
> required for having the system functional)
>
> i could imagine a sudo interface here (for the binary) and shipping a
> generic /etc/sudoers.d/snapd mountpoint in the core snap where
> snapd/snap-confine could bind-mount a shipped sudoers snippet, but that
> still leaves the passwd db issue open...
>
> ciao
>         oli