enter: Make sure sudo -E works when using setuid brwap

This also updates the manpage so that it is correct with respect to
permissions and sudo.
Alexander Larsson
2019-11-20 12:56:02 +01:00
committed by Alexander Larsson
parent 6d68094879
commit 4718bcccfd
2 changed files with 10 additions and 10 deletions


@@ -129,13 +129,13 @@ flatpak_builtin_enter (int argc,
} }
if (pid <= 0) if (pid <= 0)
return flatpak_fail (error, _("%s is neither a pid nor an application or instance ID"), pid_s); return flatpak_fail (error, _("%s is neither a pid nor an application or instance ID, or sudo -E"), pid_s);
stat_path = g_strdup_printf ("/proc/%d/root", pid); stat_path = g_strdup_printf ("/proc/%d/root", pid);
if (stat (stat_path, &stat_buf)) if (stat (stat_path, &stat_buf))
{ {
if (errno == EACCES) if (errno == EACCES)
return flatpak_fail (error, _("entering not supported (need unprivileged user namespaces)")); return flatpak_fail (error, _("entering not supported (need unprivileged user namespaces, or sudo -E)"));
return flatpak_fail (error, _("No such pid %s"), pid_s); return flatpak_fail (error, _("No such pid %s"), pid_s);
} }
@@ -220,6 +220,12 @@ flatpak_builtin_enter (int argc,
if (chroot (root_link)) if (chroot (root_link))
return flatpak_fail (error, _("Can't chroot")); return flatpak_fail (error, _("Can't chroot"));
if (setgid (gid))
return flatpak_fail (error, _("Can't switch gid"));
if (setuid (uid))
return flatpak_fail (error, _("Can't switch uid"));
drop_all_caps (); drop_all_caps ();
envp_array = g_ptr_array_new_with_free_func (g_free); envp_array = g_ptr_array_new_with_free_func (g_free);
@@ -266,12 +272,6 @@ flatpak_builtin_enter (int argc,
g_ptr_array_add (argv_array, g_strdup (argv[rest_argv_start + i])); g_ptr_array_add (argv_array, g_strdup (argv[rest_argv_start + i]));
g_ptr_array_add (argv_array, NULL); g_ptr_array_add (argv_array, NULL);
if (setgid (gid))
return flatpak_fail (error, _("Can't switch gid"));
if (setuid (uid))
return flatpak_fail (error, _("Can't switch uid"));
if (!g_spawn_sync (NULL, (char **) argv_array->pdata, (char **) envp_array->pdata, if (!g_spawn_sync (NULL, (char **) argv_array->pdata, (char **) envp_array->pdata,
G_SPAWN_SEARCH_PATH_FROM_ENVP | G_SPAWN_CHILD_INHERITS_STDIN, G_SPAWN_SEARCH_PATH_FROM_ENVP | G_SPAWN_CHILD_INHERITS_STDIN,
NULL, NULL, NULL, NULL,
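Review bot: The privilege drop that now follows `chroot (root_link)` calls `setgid (gid)` and `setuid (uid)`, but no `setgroups` call is visible in these hunks, so a process started as root through `sudo -E` may keep root's supplementary groups after the uid change. If nothing earlier in the function clears them, add `if (geteuid () == 0 && setgroups (0, NULL))` followed by `return flatpak_fail (error, _("Can't drop supplementary groups"));` ahead of the `setgid` call. The root guard is there because setgroups is normally refused inside an unprivileged user namespace, which is the other supported way to run this command. The ordering itself is sound: gid before uid, both return values checked, and the drop now happens before the environment is built and the child is spawned. flatpak_builtin_enter starts and ends outside the hunks, so check this against the full function.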


@@ -59,8 +59,8 @@
This is useful when you want to debug a problem with a running application. This is useful when you want to debug a problem with a running application.
</para> </para>
<para> <para>
This command requires extra privileges, so must be run as root or via e.g. sudo. This command works as a regular user if the system support unprivileged user namespace. If
To get TAB completion for the application ID, use sudo -E. that is not available you need to run run it like: <command>sudo -E flatpak enter</command>.
</para> </para>
</refsect1> </refsect1>