Closed cmacq2 closed 8 years ago
This is a somewhat more polished effort based on the first:
sudo
and/or su
are available, then use a fallback scheme (prefer sudo
by default but fall back to su
if available). I think this should resolve the sudo
versus su
sticking point of the original discussion.I appreciate the idea here, but I'm still not keen on including this.
I've added a check for this in brickstrap.sh
and added a bit to the readme in https://github.com/ev3dev/brickstrap/commit/f5b9bf0621b1aab8e66086c3c671428cbb12f0de.
The two things I don't care for are:
sudo sysctl -w kernel.unprivileged_userns_clone=1
and sudo sysctl -w kernel.unprivileged_userns_clone=0
(and you can copy and paste from the brickstrap error message if you forget what the command is).Fair enough. I don't really appreciate the security issue, in that there's functionally no difference between the user manually running the commands or manually using a fallback script that does it for them. There's something to be said for not doing more than necessary though, in case we get it 'wrong'.
So let's abandon this PR and consider the core issue solved/fixed.
By the way I've left a small review note on your commit.
This is Debian specific fallback version which will first prod the kernel into allowing ordinary users to unshare, as this is a necessary for user-unshare.pl on recent-ish Debian. Any changes to original kernel settings are reverted on exit. This workaround avoids having to run the entire brickstrap with sudo/su or to change the default unshare policy permanently. Only the initial prodding and reverting need sudo/su privileges.
By request the unshare-harder variant was split off into a PR of its own, from #12 Continuing the comment thread:
sudo su
means that the user can simply input their 'normal' password instead of the password for root. This may be useful in scenarios where root isn't setup for login shells (as with e.g. Ubuntu by default) or they lack the root password. The downside is that the script requires sudo (in addition to su) which you may or may not find a gratuitous dep. It's possible to make the exact choice (sudo su
or plainsu
) configurable using a environment variable, of course... but even then the best default needs to be agreed upon.