Skip to content

Commit

Permalink
virtme-ng-init: add default secure_path to /etc/sudoers
Browse files Browse the repository at this point in the history
When executing vng as a non-privileged user without /sbin in their
$PATH, attempting to run a command located in that directory with sudo
will not succeed.

Fix by defining a proper secure_path in /etc/sudoers.

The same change has been applied to virtme-init in the virtme-ng
repository, see commit:

 ac29432 ("virtme-init: Add default secure_path")

Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
  • Loading branch information
Andrea Righi committed Nov 23, 2023
1 parent 2ed0641 commit 607150c
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions src/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -307,10 +307,11 @@ fn generate_shadow() -> io::Result<()> {
fn generate_sudoers() -> io::Result<()> {
if let Ok(user) = env::var("virtme_user") {
let fname = "/tmp/sudoers";
let content = format!(
"root ALL = (ALL) NOPASSWD: ALL\n{} ALL = (ALL) NOPASSWD: ALL\n",
user
);
let content = "Defaults secure_path=\"/usr/sbin:/usr/bin:/sbin:/bin\"\n".to_string()
+ &format!(
"root ALL = (ALL) NOPASSWD: ALL\n{} ALL = (ALL) NOPASSWD: ALL\n",
user
);
utils::create_file(fname, 0o0440, &content).ok();
utils::do_mount(fname, "/etc/sudoers", "", libc::MS_BIND as usize, "");
}
Expand Down

0 comments on commit 607150c

Please sign in to comment.