containers/composefs

Sudo does not work

Closed this issue · 3 comments

After booting an OSTree-based filesystem with composefs, I could not run sudo:

$ sudo ls /
-sh: /mnt/usr/bin/sudo: Permission denied

After some investigation, I discovered that the problem was permissions. The permission below (4111) works with OSTree hard links, but doesn't work with composefs.

$ ls -l /usr/bin/sudo
---s--x--x 1 root root 189676 Jan  1  1970 /usr/bin/sudo

After regenerating the image with a+r for the sudo binary, it worked.

Is this expected?

I'm not sure why you are getting this. I've tried making a small image with a sudo in, and it seems to work, both with --format=composefs and --format=erofs:

$ mount
...
overlay on /root/composefs/mnt.erofs type overlay (ro,relatime,seclabel,lowerdir=/tmp/.composefs.C839JK:objects,redirect_dir=on,metacopy=on)
/proc/self/fd/3 on /root/composefs/mnt.cfs type composefs (ro,relatime,basedir=objects,verity_check=1)
# ls -l /root/composefs/mnt.erofs
total 200
-rw-r--r--. 1 root root      4 Apr 24 09:29 foo.txt
---s--x--x. 1 root root 185296 Jan 19 12:57 sudo
# /root/composefs/mnt.erofs/sudo
usage: sudo -h | -K | -k | -V
...
# ls -l /root/composefs/mnt.cfs
total 181
-rw-r--r--. 1 root root      4 Apr 24 09:29 foo.txt
---s--x--x. 1 root root 185296 Jan 19 12:57 sudo
[root@localhost ~]# /root/composefs/mnt.cfs/sudo
usage: sudo -h | -K | -k | -V
...

I wonder if the problem is your backing file? I.e. the one in basedir=... That one has to be readable (but not setuid).

Hmm, weird. Since you cannot reproduce it, I will close the issue for now. As soon as I have some time, I will do some investigation and reopen the issue if needed.
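A way to check the backing-file hypothesis from the second comment, as an added example that is not part of the thread or of the composefs project: it walks the directory used as basedir and reports regular files that lack read bits or carry setuid/setgid. The default path `objects` and the reading of "readable" as a+r (the change the reporter made) are assumptions.

```python
import os
import stat
import sys

# Assumption: "readable" is checked as a+r, the change that fixed the report.
READ_ALL = stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH
SPECIAL = stat.S_ISUID | stat.S_ISGID


def audit_backing_files(basedir):
    """Return [(path, mode_string, [problems])] for regular files under basedir."""
    findings = []
    for root, dirs, files in os.walk(basedir):
        dirs.sort()  # deterministic traversal order
        for name in sorted(files):
            path = os.path.join(root, name)
            st = os.lstat(path)  # do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            problems = []
            if st.st_mode & READ_ALL != READ_ALL:
                problems.append("not a+r")
            if st.st_mode & SPECIAL:
                problems.append("setuid/setgid set")
            if problems:
                findings.append((path, stat.filemode(st.st_mode), problems))
    return findings


if __name__ == "__main__":
    # Hypothetical default; pass the directory given as basedir= at mount time.
    basedir = sys.argv[1] if len(sys.argv) > 1 else "objects"
    results = audit_backing_files(basedir)
    for path, mode, problems in results:
        print(f"{mode} {path}: {', '.join(problems)}")
    sys.exit(1 if results else 0)
```

A backing object that kept the 4111 mode shown in the report is listed as `---s--x--x` with both problems.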