Closed hellobbn closed 3 months ago
sudo graftcp sudo
will work.
By the way, if the graftcp-local
is not started by the system, you should run sudo ./graftcp-local
to use sudo graftcp sudo
.
Thanks for your reply!
But some programs will fail if executed by root like makepkg
in Arch Linux, instead it will request root later.
Can program of this kind be supported?
➜ yay
[sudo] password for xxx:
You can try this:
$ sudo graftcp bash # or zsh, fish...
$ whoami
root
$ yay
As a root, do anything you wanna do :grin:
Hmmmm, yes it could work on some programs. But some forces to run as a non-root, if you run it as root, it will give error immediately.
Do you mean that the root's environment does not match the non-root's environment, so that it cause the environmental dependency error? You can try sudo -E graftcp bash
.
Sorry, but I don't understand.
Let me take makepkg
as an example:
if run as root:
[root@hellobbn ~]# makepkg
==> ERROR: Running makepkg as root is not allowed as it can cause permanent,
catastrophic damage to your system.
@hellobbn Thank you for your example.
I thank it can be solved like this:
Do not run the following script, it will elevate the privileges of the tracked process to root, that is risky.
$ sudo chown root:root graftcp
$ sudo chmod a+s graftcp
# Then you can use graftcp to trace sudo...
$ graftcp bash
➜ makepkg
Hi, hmgle.
I think hellobbn's problem was about fakeroot.
It gives a fake root environment , to remove the need to become root for a package build.
And graftcp can't work with it. Like yay etc. graftcp yay
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
@hellobbn Thank you for your example. I thank it can be solved like this:
$ sudo chown root:root graftcp $ sudo chmod a+s graftcp # Then you can use graftcp to trace sudo... $ graftcp bash ➜ makepkg
However, this workaround works well in almost every case. To make it easier, you can write a shell script proxy-yay
like below:
#! /bin/sh
graftcp sh -c "yay $@"
Then you just need to use proxy-yay
instead of yay
, or set it as an alias of yay
.
can i use graftcp on alpine?
Hi, Error message now reads:
$ graftcp yay
sudo: The "no new privileges" flag is set, which prevents sudo from running as root.
sudo: If sudo is running in a container, you may need to adjust the container configuration to disable the flag.
-> error refreshing databases - exit status 1
In this commit ,the PR_SET_NO_NEW_PRIVS
flag is set, which I think causes the new error message.
A workaround:
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
perror("prctl(PR_SET_NO_NEW_PRIVS)");
exit(errno);
}
Remove these lines, and run command like this, which run graftcp
as root and yay
as a non-root user.
sudo ./graftcp sudo -u <your-username> yay
Thank you for your feedback.
Introducing PR_SET_NO_NEW_PRIVS
indeed brings new restrictions to gain superuser privileges. I'll look into a solution to this problem. If you have any new ideas, feedback is welcome.
Hi, Error message now reads:
$ graftcp yay sudo: The "no new privileges" flag is set, which prevents sudo from running as root. sudo: If sudo is running in a container, you may need to adjust the container configuration to disable the flag. -> error refreshing databases - exit status 1
In this commit ,the
PR_SET_NO_NEW_PRIVS
flag is set, which I think causes the new error message.A workaround:
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { perror("prctl(PR_SET_NO_NEW_PRIVS)"); exit(errno); }
Remove these lines, and run command like this, which run
graftcp
as root andyay
as a non-root user.
sudo ./graftcp sudo -u <your-username> yay
Hi, Error message now reads:
$ graftcp yay sudo: The "no new privileges" flag is set, which prevents sudo from running as root. sudo: If sudo is running in a container, you may need to adjust the container configuration to disable the flag. -> error refreshing databases - exit status 1
In this commit ,the
PR_SET_NO_NEW_PRIVS
flag is set, which I think causes the new error message.A workaround:
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { perror("prctl(PR_SET_NO_NEW_PRIVS)"); exit(errno); }
Remove these lines, and run command like this, which run
graftcp
as root andyay
as a non-root user.
sudo ./graftcp sudo -u <your-username> yay
@fangzhen I saw the solution implemented in strace and copied the code over. Now the command can be executed perfectly. Thanks to strace.
Describe the bug
graftcp sudo
does not work, sograftcp yay
which uses it will cause error.To Reproduce Try command
graftcp sudo
orgraftcp yay
Additional context I found some notes here
So maybe this will not be fixed? (I am not familiar with this)