search

crops / poky-container

A container image that is able to run bitbake/poky. It has helpers to create users and groups within the container. This is so that the output generated in the container will be readable by the user on the host.
GNU General Public License v2.0
206 stars 94 forks source link

/usr/lib/sudo/sudoers.so must be only be writable by owner #28

Closed nefethael closed 4 years ago

nefethael commented 6 years ago

Hi,

I'm trying to use/build crops/poky on Fedora 28 (Docker version 18.05.0-ce, build f150324) and it fails with following error:

Running Test run-build.sh
sudo: error in /etc/sudo.conf, line 0 while loading plugin `sudoers_policy'
sudo: /usr/lib/sudo/sudoers.so must be only be writable by owner
sudo: fatal error, unable to load plugins
Traceback (most recent call last):
  File "/usr/bin/usersetup.py", line 62, in <module>
    subprocess.check_call(cmd.split(), stdout=sys.stdout, stderr=sys.stderr)
  File "/usr/lib/python2.7/subprocess.py", line 541, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', 'restrict_groupadd.sh', '0', 'pokyuser']' returned non-zero exit status 1
Test run-build.sh failed
Running Test run-build.sh
sudo: error in /etc/sudo.conf, line 0 while loading plugin `sudoers_policy'
sudo: /usr/lib/sudo/sudoers.so must be only be writable by owner
sudo: fatal error, unable to load plugins
Traceback (most recent call last):
  File "/usr/bin/usersetup.py", line 62, in <module>
    subprocess.check_call(cmd.split(), stdout=sys.stdout, stderr=sys.stderr)
  File "/usr/lib/python2.7/subprocess.py", line 541, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', 'restrict_groupadd.sh', '0', 'pokyuser']' returned non-zero exit status 1
Test run-build.sh failed

I added RUN chmod 755 /usr/lib/sudo/sudoers.so /etc/sudoers /etc/sudoers.d /etc/sudoers.d/README to get it run. I'm not sure if it is the right solution.

Regards, Vincent

rewitt1 commented 6 years ago

Hi @nefethael,

I just built crops/poky:ubuntu-16.04(the default) and ran the tests using docker on Fedora 28 and everything seems to check out. I'm not using docker-ce since there are no Fedora maintained versions of it yet.

But before I start entertaining the idea that it may be caused by docker-ce, I want to make sure I understand exactly what you're doing. Are you instead trying to build a crops/poky:fedora-28 image and trying to run that? Also what is your docker run command line inside your run-build.sh script?

nefethael commented 6 years ago

Previous logs come from build-and-test.sh script to generate crops/poky:ubuntu-16.04 (run-build.sh is launched from it and without modifications). I also run stock image with sudo docker run --rm -it -v /home/myuser/mystuff:/workdir crops/poky:ubuntu-16.04 --workdir=/workdir and mystuff is created by myuser.