DavHau / nix-portable

Nix - Static, Permissionless, Installation-free, Pre-configured
MIT License

Sudo in nix-portable #83

Open traverseda opened 10 months ago

traverseda commented 10 months ago

I'm using nix-portable to configure stuff related to my dotfiles, including setting up a shell and terminal multiplexer. Currently this means I can't run sudo commands when I'm using said dotfiles, at least if I'm on a system that doesn't have real nix.

Is there a way to tweak the bubblewrap config to fix this?

DavHau commented 10 months ago

I don't quite get what's the problem. Why can you not use sudo?

traverseda commented 10 months ago

...is that not happening for anyone else?

./nix-portable nix run nixpkgs#bash
$ sudo
sudo: /etc/sudo.conf is owned by uid 65534, should be 0
sudo: The "no new privileges" flag is set, which prevents sudo from running as root.
sudo: If sudo is running in a container, you may need to adjust the container configuration to disable the flag.

traverseda commented 10 months ago

➜  ~ which bwrap
/usr/bin/bwrap
➜  ~ bwrap --version
bubblewrap 0.8.0

DavHau commented 10 months ago

I never tried using sudo. Maybe have a look at the bwrap cmdline flags. If you can find out what we need to change, we can add it to nix-portable.

traverseda commented 10 months ago

Looking into it, seems like it's not going to be possible.

https://github.com/containers/bubblewrap/issues/378#issuecomment-633064529

Not surprising, I imagine it's difficult to allow overriding paths, allowing privilege escalation, and allowing setuid binaries, without opening up security holes.

How would you like to handle this bug? Close it, mark it as un-fixable?
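
The two sudo errors quoted earlier in the thread (the "no new privileges" flag and `/etc/sudo.conf` appearing as owned by uid 65534) can both be confirmed from `/proc` inside the sandbox. The following is an added example, not code from nix-portable or bubblewrap; the function names and the sample inputs are constructed for illustration.

```python
import os

OVERFLOW_UID = 65534  # kernel default shown for owners with no mapping in the namespace

# Constructed sample of what a process inside an unprivileged sandbox may see.
SAMPLE_STATUS = "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\nNoNewPrivs:\t1\n"
SAMPLE_UID_MAP = "      1000       1000          1\n"

def no_new_privs(status_text):
    """True if /proc/<pid>/status text reports NoNewPrivs as 1."""
    for line in status_text.splitlines():
        if line.startswith("NoNewPrivs:"):
            return line.split()[1] == "1"
    return False  # field absent on older kernels

def root_is_mapped(uid_map_text):
    """True if uid 0 in this user namespace is uid 0 outside it."""
    for line in uid_map_text.splitlines():
        if not line.strip():
            continue
        inside, outside, count = (int(x) for x in line.split())
        if inside == 0 and outside == 0 and count > 0:
            return True
    return False

def diagnose(status_text, uid_map_text, sudo_conf_owner):
    """Return the sandbox properties that stop a setuid-root sudo from working."""
    findings = []
    if no_new_privs(status_text):
        findings.append("no_new_privs is set: setuid bits are ignored on exec")
    if not root_is_mapped(uid_map_text):
        findings.append("real root is not mapped into this user namespace")
    if sudo_conf_owner == OVERFLOW_UID:
        findings.append("/etc/sudo.conf owner shows as overflow uid 65534")
    return findings

def read_live():
    """Read the same three inputs from the running system (Linux only)."""
    with open("/proc/self/status") as f:
        status = f.read()
    with open("/proc/self/uid_map") as f:
        uid_map = f.read()
    owner = os.stat("/etc/sudo.conf").st_uid if os.path.exists("/etc/sudo.conf") else None
    return status, uid_map, owner

if __name__ == "__main__":
    try:
        inputs = read_live()
    except OSError:  # not Linux or /proc unavailable: fall back to the sample
        inputs = (SAMPLE_STATUS, SAMPLE_UID_MAP, OVERFLOW_UID)
    for finding in diagnose(*inputs) or ["no sandbox-related obstacle to sudo found"]:
        print(finding)
```

Running it once on the host and once inside the `./nix-portable nix run nixpkgs#bash` shell shows which of the three conditions the sandbox introduces.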

jennydaman commented 5 months ago

For the sake of keeping note: FUSE doesn't seem to work in bwrap either, so neither will AppImage work.