enter: Make sure sudo -E works when using setuid brwap

This also updates the manpage so it is correct wrt permissions and
sudo.
This commit is contained in:
Alexander Larsson
2019-11-20 12:56:02 +01:00
committed by Alexander Larsson
parent 6d68094879
commit 4718bcccfd
2 changed files with 10 additions and 10 deletions


@@ -129,13 +129,13 @@ flatpak_builtin_enter (int argc,
}
if (pid <= 0)
return flatpak_fail (error, _("%s is neither a pid nor an application or instance ID"), pid_s);
return flatpak_fail (error, _("%s is neither a pid nor an application or instance ID, or sudo -E"), pid_s);
stat_path = g_strdup_printf ("/proc/%d/root", pid);
if (stat (stat_path, &stat_buf))
{
if (errno == EACCES)
return flatpak_fail (error, _("entering not supported (need unprivileged user namespaces)"));
return flatpak_fail (error, _("entering not supported (need unprivileged user namespaces, or sudo -E)"));
return flatpak_fail (error, _("No such pid %s"), pid_s);
}
@@ -220,6 +220,12 @@ flatpak_builtin_enter (int argc,
if (chroot (root_link))
return flatpak_fail (error, _("Can't chroot"));
if (setgid (gid))
return flatpak_fail (error, _("Can't switch gid"));
if (setuid (uid))
return flatpak_fail (error, _("Can't switch uid"));
drop_all_caps ();
envp_array = g_ptr_array_new_with_free_func (g_free);
@@ -266,12 +272,6 @@ flatpak_builtin_enter (int argc,
g_ptr_array_add (argv_array, g_strdup (argv[rest_argv_start + i]));
g_ptr_array_add (argv_array, NULL);
if (setgid (gid))
return flatpak_fail (error, _("Can't switch gid"));
if (setuid (uid))
return flatpak_fail (error, _("Can't switch uid"));
if (!g_spawn_sync (NULL, (char **) argv_array->pdata, (char **) envp_array->pdata,
G_SPAWN_SEARCH_PATH_FROM_ENVP | G_SPAWN_CHILD_INHERITS_STDIN,
NULL, NULL,
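Review bot: The relocated privilege drop (`setgid (gid)` / `setuid (uid)` placed before `drop_all_caps ()` in the second hunk) does not clear supplementary groups, so in the root-via-`sudo -E` case the spawned command may keep root's supplementary group membership unless that is already handled earlier in `flatpak_builtin_enter`, whose body starts before and continues past each hunk. While CAP_SETGID is still held, add `if (setgroups (0, NULL)) return flatpak_fail (error, _("Can't drop supplementary groups"));` ahead of the `setgid (gid)` line; `setgroups` needs `<grp.h>`, and the file's include block is outside the hunk. In the unprivileged user-namespace path `setgroups` can be denied, so guard the call with `getuid () == 0` or tolerate EPERM there rather than failing the whole enter. The gid-then-uid order and doing it before `drop_all_caps ()` are correct; the third hunk only removes the old copies.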


@@ -59,8 +59,8 @@
This is useful when you want to debug a problem with a running application.
</para>
<para>
This command requires extra privileges, so must be run as root or via e.g. sudo.
To get TAB completion for the application ID, use sudo -E.
This command works as a regular user if the system support unprivileged user namespace. If
that is not available you need to run run it like: <command>sudo -E flatpak enter</command>.
</para>
</refsect1>