termux / proot

A chroot-like implementation using ptrace.
https://wiki.termux.com/wiki/PRoot

Error Message When Using sudo #259

Closed isrgish closed 1 year ago

isrgish commented 1 year ago

Problem description

When I use proot either with -i uid:gid or with -0 and then log in as a different user, I can't use sudo. I get the following message:

sudo: The "no new privileges" flag is set, which prevents sudo from running as root.
sudo: If sudo is running in a container, you may need to adjust the container configuration to disable the flag.

I have been able in the past to use sudo, but I don't know what I might have done differently. This I'm sure of: I didn't start proot from a root user.

Steps to reproduce

I'm running the following script

#!/data/data/com.termux/files/usr/bin/env bash
# Start an Ubuntu 22 rootfs under proot as a fixed, non-root uid:gid
# (env lives under the Termux prefix, hence the long shebang path).
cd "$(dirname "$0")" || exit 1

## unset LD_PRELOAD in case termux-exec is installed
unset LD_PRELOAD
command="proot"
command+=" --kill-on-exit"
command+=" --link2symlink"
command+=" -i 10232:10232"
command+=" -r /data/data/com.termux/files/ubuntu22-fs"
# Source any extra bind definitions dropped into the binds directory
if [ -n "$(ls -A /data/data/com.termux/files/ubuntu22-binds)" ]; then
    for f in /data/data/com.termux/files/ubuntu22-binds/* ;do
      . "$f"
    done
fi
command+=" -b /dev"
command+=" -b /proc"
command+=" -b /sys"
command+=" -b /data"
command+=" -b /data/data/com.termux/files/ubuntu22-fs/root:/dev/shm"
command+=" -b /proc/self/fd/2:/dev/stderr"
command+=" -b /proc/self/fd/1:/dev/stdout"
command+=" -b /proc/self/fd/0:/dev/stdin"
command+=" -b /dev/urandom:/dev/random"
command+=" -b /proc/self/fd:/dev/fd"
# Android restricts the real /proc/stat, /proc/vmstat and /proc/version;
# bind static fakes from the rootfs over them
command+=" -b /data/data/com.termux/files/ubuntu22-fs/proc/fakethings/stat:/proc/stat"
command+=" -b /data/data/com.termux/files/ubuntu22-fs/proc/fakethings/vmstat:/proc/vmstat"
command+=" -b /data/data/com.termux/files/ubuntu22-fs/proc/fakethings/version:/proc/version"
command+=" -b /data/data/com.termux/files:/storage/termux"
command+=" -b /:/storage/root"
command+=" -b /storage/emulated/0:/storage/emulated/0"
user=sruly
HM=/home/$user
command+=" -w $HM"
# Start from an empty environment and set only what the guest shell needs
command+=" /usr/bin/env -i"
command+=" MOZ_FAKE_NO_SANDBOX=1"
command+=" HOME=$HM"
command+=" PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/games:/usr/local/games"
command+=" TERM=$TERM"
command+=" LANG=C.UTF-8"
command+=" /bin/bash --login"
com="$*"
if [ -z "$1" ];then
    # No arguments: replace this shell with the interactive guest login shell
    exec $command
else
    # Arguments given: run them as one command line inside the guest
    $command -c "$com"
fi

Then I try sudo test. This is where I get the error message.

Expected behavior

Expected that sudo works

Additional information

Termux Variables:
TERMUX_API_VERSION=0.50.1
TERMUX_APK_RELEASE=F_DROID
TERMUX_APP_PACKAGE_MANAGER=apt
TERMUX_APP_PID=5327
TERMUX_IS_DEBUGGABLE_BUILD=0
TERMUX_MAIN_PACKAGE_FORMAT=debian
TERMUX_VERSION=0.118.0
Packages CPU architecture:
aarch64
Subscribed repositories:
# sources.list
deb https://packages-cf.termux.dev/apt/termux-main/ stable main
# sources.list.d/science.list
deb https://packages.termux.org/apt/termux-science science stable
# root-repo (sources.list.d/root.list)
deb https://packages-cf.termux.dev/apt/termux-root/ root stable
# x11-repo (sources.list.d/x11.list)
deb https://packages-cf.termux.dev/apt/termux-x11/ x11 main
# sources.list.d/game.list
deb https://packages.termux.org/apt/termux-games games stable
# sources.list.d/pointless.list
deb https://its-pointless.github.io/files/24 termux extras
Updatable packages:
babl/stable 0.1.102 aarch64 [upgradable from: 0.1.100]
chromaprint/stable 1.5.1-p20221217-1 aarch64 [upgradable from: 1.5.1-p20221217-0]
command-not-found/stable 2.1.0-12 aarch64 [upgradable from: 2.1.0-11]
dpkg/stable 1.21.21 aarch64 [upgradable from: 1.21.20]
emacs/stable 28.3-rc1-0 aarch64 [upgradable from: 28.2-1]
exa/stable 0.10.1-6 aarch64 [upgradable from: 0.10.1-5]
exiftool/stable 12.57 all [upgradable from: 12.56]
ffmpeg/stable 6.0 aarch64 [upgradable from: 5.1.2-7]
firefox/x11 110.0.1 aarch64 [upgradable from: 110.0]
libass/stable 0.17.1 aarch64 [upgradable from: 0.17.0]
libgit2/stable 1.6.2 aarch64 [upgradable from: 1.5.1]
libwayland-protocols/stable 1.31-1 all [upgradable from: 1.31]
libwayland/stable 1.21.0-1 aarch64 [upgradable from: 1.21.0]
make/stable 4.4.1 aarch64 [upgradable from: 4.4-1]
megacmd/stable 1.5.1-3 aarch64 [upgradable from: 1.5.1-2]
strace/stable 6.2 aarch64 [upgradable from: 6.1]
tar/stable 1.34-2 aarch64 [upgradable from: 1.34-1]
tigervnc-viewer/x11 1.13.1 aarch64 [upgradable from: 1.13.0]
vim-runtime/stable 9.0.1350 all [upgradable from: 9.0.1300]
vim/stable 9.0.1350 aarch64 [upgradable from: 9.0.1300]
vlc-qt/x11 3.0.18-3 aarch64 [upgradable from: 3.0.18-2]
termux-tools version:
1.37.0
Android version:
10
Kernel build information:
Linux localhost 4.9.190+ #1 SMP PREEMPT Mon Feb 28 18:54:42 CST 2022 aarch64 Android
Device manufacturer:
LENOVO
Device model:
Lenovo TB-8705F
LD Variables:
LD_LIBRARY_PATH=
LD_PRELOAD=/data/data/com.termux/files/usr/lib/libtermux-exec.so
michalbednarski commented 1 year ago

Looks like your sudo binary doesn't have set-uid bit set. Run

chmod u+s /usr/bin/sudo

(Inside proot's fake_id0 any set-uid exec sets uid to root)

That message indicates that sudo isn't running with root effective uid. While it is true that inside proot prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) reports true, that in itself appears not to have caused problems so far.
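
The diagnosis above rests on two observable facts: sudo decides from its own effective uid and from the no_new_privs flag which message to print, and proot's fake_id0 makes any set-uid exec land with euid 0. The C program below is an added example, not code from this issue, from proot or from sudo. It reports the set-uid state of a path (default /usr/bin/sudo), the calling process's uid, euid and no_new_privs flag, and then applies what I take to be sudo's decision order (euid checked first, PR_GET_NO_NEW_PRIVS only consulted when euid is non-zero); that ordering is an assumption to confirm against the sudo source you ship.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/prctl.h>

/* Outcome of the decision sudo makes before it will run anything. */
enum sudo_verdict {
    VERDICT_OK,          /* euid is 0: the set-uid exec worked */
    VERDICT_NNP,         /* euid != 0 and no_new_privs set: the message from the issue */
    VERDICT_NOT_SETUID   /* euid != 0 and no_new_privs clear: plain "not set-uid" case */
};

/* Pure decision function so it can be tested outside proot.
 * Assumption: mirrors sudo's ordering (euid first, then the prctl flag). */
enum sudo_verdict classify(uid_t euid, int no_new_privs)
{
    if (euid == 0)
        return VERDICT_OK;
    return no_new_privs ? VERDICT_NNP : VERDICT_NOT_SETUID;
}

/* Does this mode/owner pair make the file a root set-uid binary? */
int is_root_setuid(mode_t mode, uid_t owner)
{
    return (mode & S_ISUID) != 0 && owner == 0;
}

const char *verdict_text(enum sudo_verdict v)
{
    switch (v) {
    case VERDICT_OK:
        return "euid is 0: sudo would run";
    case VERDICT_NNP:
        return "euid != 0 and no_new_privs=1: sudo prints the \"no new privileges\" message";
    default:
        return "euid != 0 and no_new_privs=0: sudo reports the missing set-uid bit instead";
    }
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/usr/bin/sudo";
    struct stat st;

    if (stat(path, &st) != 0) {
        perror(path);
        return 1;
    }

    /* Inside proot this reports 1 even though nothing seems to break. */
    int nnp = prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
    if (nnp < 0) {
        perror("prctl(PR_GET_NO_NEW_PRIVS)");
        nnp = 0;
    }

    printf("%s: mode %04o owner uid %u -> root set-uid: %s\n", path,
           (unsigned)(st.st_mode & 07777), (unsigned)st.st_uid,
           is_root_setuid(st.st_mode, st.st_uid)
               ? "yes" : "no (chown root and chmod u+s to fix)");
    printf("this process: uid=%u euid=%u no_new_privs=%d\n",
           (unsigned)getuid(), (unsigned)geteuid(), nnp);
    printf("verdict: %s\n", verdict_text(classify(geteuid(), nnp)));
    return 0;
}
```

To see the effect described in the comment, build this inside the guest and run it twice: first as an ordinary binary, where euid equals the -i uid and the verdict is the no-new-privileges message whenever the flag reads 1, then after chmod u+s on the binary itself, where, per the comment above, the set-uid exec under fake_id0 gives euid 0 and the verdict flips to "sudo would run". That is the same transition chmod u+s /usr/bin/sudo produced for the reporter.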

isrgish commented 1 year ago

@michalbednarski Thanks this worked.

isrgish commented 1 year ago

Now when I use sudo I get a message:

sudo: unable to send audit message: Operation not permitted

Even after this message, whatever I'm trying to do works. I was just wondering why I get the message.