Snapped apps using su/sudo
Sergio Schvezov
sergio.schvezov at canonical.com
Wed Dec 28 15:02:15 UTC 2016
El 27/12/16 a las 14:18, Alberto Donato escribió:
> On Thu, Dec 22, 2016 at 11:14 PM, Sergio Schvezov
> <sergio.schvezov at canonical.com <mailto:sergio.schvezov at canonical.com>>
> wrote:
>
>
>
> El 19 dic. 2016 11:11 AM, "Alberto Donato"
> <alberto.donato at canonical.com
> <mailto:alberto.donato at canonical.com>> escribió:
>
> Hi,
>
> I'm trying to create a snap for sshuttle, the ssh-based VPN app.
> One of its components (the firewall manager) needs to either
> be run as root, or use su/sudo to be able to configure
> firewall rules.
>
> The app uses an "if os.getuid() != 0" to check whether it can run.
>
> Is there any way to get it to work inside a snap?
>
>
> Doesn't putting sudo in front of your command do the trick?
>
>
> Well that might work, but it would run all sshuttle components as
> root, while the application is designed to run just the firewall part
> as root.
> I'd like to preserve this behavior.
> My question, in general, is whether it's possible to set up sudo
> within a snap confinement so that certain commands can be run as root.
`classic` confinement can give you this. Other mechanisms might be
tricky: on a classic the sudoers rules checked would be that of the core
and not the one on your classic system whilst on a pure snap system
(Ubuntu Core), iirc, you cannot modify the sudoers file.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20161228/05461571/attachment.html>
More information about the Snapcraft
mailing list