Skip to content

Tweak docker base image, approval script, and sudoers file; add Docker section to README #124

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
haikuginger wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Tweak docker base image, approval script, and sudoers file; add Docker section to README #124

haikuginger wants to merge 2 commits into from

Conversation

@haikuginger
Copy link
Collaborator

@haikuginger haikuginger commented Jul 6, 2022

No description provided.

@haikuginger haikuginger requested a review from klieth as a code owner July 6, 2022 19:43
@CLAassistant
Copy link

CLAassistant commented Jul 6, 2022

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

haikuginger
haikuginger commented Jul 6, 2022
View reviewed changes
Dockerfile
# syntax=docker/dockerfile:1

FROM rust:latest AS base
FROM rust:1.52.1 AS base
Copy link
Collaborator Author

@haikuginger haikuginger Jul 6, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sometime between the last update and now, rust:latest started building the plugin in such a way that it causes a segfault when added to sudo.conf. Looking at bisecting that.

sample/etc/sudo_pair.prompt.user
To continue, another human must run:

docker exec -it %h '%B %u %p'
docker exec -it %h %B %u %p
Copy link
Collaborator Author

@haikuginger haikuginger Jul 6, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Having the command and its params in quotes causes Docker to look for a file of that exact name, which then can't be found.

sample/etc/sudoers.d/sudo_pair
@@ -1 +1 @@
nobody ALL = (: games) NOPASSWD: LOG_OUTPUT: ALL
games ALL = (nobody) NOPASSWD:LOG_OUTPUT:ALL
Copy link
Collaborator Author

@haikuginger haikuginger Jul 6, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This might be wrong—I kind of reverse-engineered this from what seemed like the expected behavior for the environment; nogroup is the restricted-access group which triggers sudo_pair, and nobody is the member of that group that we want to sudo as. Doing it as root just automatically succeeds, so we need to do it with a different user (presumably games, although most users would work).

@haikuginger haikuginger requested a review from stouset July 6, 2022 19:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@klieth klieth Awaiting requested review from klieth

@stouset stouset Awaiting requested review from stouset

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@haikuginger @CLAassistant