bekcpear / riscv-chroot-env

mirror of https://gitlab.com/cwittlut/riscv-chroot-env

Users can't use sudo #1

Open wiredhikari opened 2 years ago

wiredhikari commented 2 years ago

Creating users, assigning them to the group wheel, and making changes via visudo doesn't allow the users to execute the sudo command.

username@rv-qemuu-test ~ $ sudo
sudo: The "no new privileges" flag is set, which prevents sudo from running as root.
sudo: If sudo is running in a container, you may need to adjust the container configuration to disable the flag.

bekcpear commented 2 years ago

Hi, it looks like bubblewrap disables this feature for security. https://github.com/containers/bubblewrap#security

In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid binaries, which is the traditional way to get out of things like chroots.
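
The flag behaviour behind the sudo error above, as an added example that is not part of the thread or of the riscv-chroot-env project: a small Linux C program that reads the calling process's `no_new_privs` state and shows, in a throwaway child, that the flag cannot be cleared once set and is inherited by every descendant. The function names (`nnp_get`, `nnp_demo`) are hypothetical.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if no_new_privs is set for the caller, 0 if not, -1 on error. */
int nnp_get(void) {
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* Run fn in a forked child and return its exit code (-1 on failure). */
static int run_in_child(int (*fn)(void)) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(fn());
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* Grandchild: did we inherit the flag across fork()? */
static int grandchild(void) { return nnp_get() == 1; }

/* Child: set the flag the way a sandbox does, then probe its properties. */
static int child(void) {
    int r = 0;
    /* bit 0: setting the flag needs no privilege and takes effect */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0 && nnp_get() == 1) r |= 1;
    /* bit 1: it is one-way; asking for 0 is rejected and the flag stays set */
    if (prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == -1 && nnp_get() == 1) r |= 2;
    /* bit 2: descendants inherit it, so setuid sudo cannot become root */
    if (run_in_child(grandchild) == 1) r |= 4;
    return r;
}

/* Returns 7 when all three properties hold; the caller's flag is untouched. */
int nnp_demo(void) { return run_in_child(child); }

int main(void) {
    int result = nnp_demo();
    printf("no_new_privs in this process: %d\n", nnp_get());
    printf("set=%d irreversible=%d inherited=%d\n",
           result & 1, (result >> 1) & 1, (result >> 2) & 1);
    return result == 7 ? 0 : 1;
}
```

Run inside the bubblewrap environment, the first line of output is expected to report 1, which matches the condition sudo complains about.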