From b075e45d2ab15fedca8d87c34c6d9b6b526990eb Mon Sep 17 00:00:00 2001
From: Andrea Righi
Date: Tue, 13 Feb 2024 16:42:09 +0100
Subject: [PATCH] virtme-init: always override sudoers

Always the host sudoers with a local copy even when running vng with `--user root`, in this way root can also run `sudo` if needed. Also resync virtme-ng-init to import the same change.

Signed-off-by: Andrea Righi
---
 virtme/guest/virtme-init | 19 ++++++++++---------
 virtme_ng_init | 2 +-
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/virtme/guest/virtme-init b/virtme/guest/virtme-init
index 687bef6..09a3b24 100755
--- a/virtme/guest/virtme-init
+++ b/virtme/guest/virtme-init
@@ -205,18 +205,19 @@ fi
 # Bring up networking
 ip link set dev lo up
+# Setup sudoers
+real_sudoers=/etc/sudoers
+tmpfile="`mktemp --tmpdir=/tmp`"
+echo "Defaults secure_path=\"/usr/sbin:/usr/bin:/sbin:/bin\"" > $tmpfile
+echo "root ALL = (ALL) NOPASSWD: ALL" >> $tmpfile
 if [[ -n "${virtme_user}" ]]; then
- real_sudoers=/etc/sudoers
- tmpfile="`mktemp --tmpdir=/tmp`"
- echo "Defaults secure_path=\"/usr/sbin:/usr/bin:/sbin:/bin\"" > $tmpfile
- echo "root ALL = (ALL) NOPASSWD: ALL" >> $tmpfile
 echo "${virtme_user} ALL = (ALL) NOPASSWD: ALL" >> $tmpfile
- chmod 440 "$tmpfile"
- if [ ! -f "$real_sudoers" ]; then
- touch "$real_sudoers"
- fi
- mount --bind "$tmpfile" "$real_sudoers"
 fi
+chmod 440 "$tmpfile"
+if [ ! -f "$real_sudoers" ]; then
+touch "$real_sudoers"
+fi
+mount --bind "$tmpfile" "$real_sudoers"
 if cat /proc/cmdline |grep -q -E '(^| )virtme.dhcp($| )'; then
 # udev is liable to rename the interface out from under us.
diff --git a/virtme_ng_init b/virtme_ng_init
index b1a0f1e..f75260d 160000
--- a/virtme_ng_init
+++ b/virtme_ng_init
@@ -1 +1 @@
-Subproject commit b1a0f1ea34e29f97c9046bd0c46fd21187ce91bf
+Subproject commit f75260d311eb4e5facb34fdb289effaee4a7ba11
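Review bot: The sudoers override in virtme/guest/virtme-init now runs on every boot, but the added lines check neither `mktemp` nor `mount --bind`, so if either fails the guest silently keeps whatever `/etc/sudoers` the root filesystem provides (or the empty file created by `touch`), and `> $tmpfile` with an empty variable is an ambiguous redirect. I would quote the redirect targets, `> "$tmpfile"` and `>> "$tmpfile"`, and report a failed mount, for example `mount --bind "$tmpfile" "$real_sudoers" || echo "virtme-init: failed to override $real_sudoers" >&2`. It would also help to expand the `# Setup sudoers` comment to say that the root filesystem's policy is deliberately replaced by passwordless rules for the guest session only; whether `touch` can reach a writable host filesystem when `/etc/sudoers` is absent is not visible from this hunk and is worth confirming.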