search

DtxdF / AppJail

Simple and easy-to-use tool for creating portable jails.
https://appjail.readthedocs.io
BSD 3-Clause "New" or "Revised" License
144 stars 8 forks source link

missing doas dependency #5

Closed bschwand closed 8 months ago

bschwand commented 8 months ago

it appears installing AppJail does not install doas, which seems to be a dependency.

[bruno@proliant21 ~]$ appjail -h [00:00:00] [ error ] doas: program not found.

[bruno@proliant21 ~]$ uname -a FreeBSD proliant21.bschwand.net 14.0-RELEASE-p5 FreeBSD 14.0-RELEASE-p5 #0: Tue Feb 13 23:37:36 UTC 2024 [bruno@proliant21 ~]$ pkg info appjail appjail-3.0.0 Name : appjail Version : 3.0.0 Installed on : Wed Feb 14 16:51:47 2024 CET Origin : sysutils/appjail Architecture : FreeBSD:14:amd64 Prefix : /usr/local Categories : sysutils Licenses : BSD3CLAUSE Maintainer : DtxdF@disroot.org WWW : https://github.com/DtxdF/AppJail/ Comment : Simple and easy-to-use tool for creating portable jails Options : DEBOOTSTRAP : off DOAS : off DOCS : on GIT : off Annotations : FreeBSD_version: 1400097 build_timestamp: 2024-01-09T04:13:30+0000 built_by : poudriere-git-3.4.0 port_checkout_unclean: no port_git_hash : 756e18783 ports_top_checkout_unclean: no ports_top_git_hash: 756e18783 repo_type : binary repository : FreeBSD Flat size : 1.07MiB

DtxdF commented 8 months ago

Hi @bschwand

security/doas is not a strictly necessary dependency for AppJail to work, it is optional. Since AppJail is a utility that is designed to be managed as root, it needs to wrap a utility like security/doas or security/sudo (not tested) when running as unprivileged user (uid != 0).

Please read more details in AppJail's documentation: https://appjail.readthedocs.io/en/latest/trusted-users/

bschwand commented 8 months ago

Thanks! I understand the rationale. However, this does not seem like a proper response [00:00:00] [ error ] doas: program not found. To any user, this looks like a bug or a broken install. Most applications, in that case, trap the error and mention this should be run as root, or with sudo/doas, or to configure the appropriate env variable, or point to the documentation... like here, it would be nice if it just said something like "The appjail-user uses RUNAS (default: doas) to execute AppJail commands as root"

DtxdF commented 8 months ago

I agree with you, this needs to be improved. I will analyze if there is a similar problem in other parts of AppJail and fix this problem. Thanks!