vagrant-lxc-wrapper fails when TMPDIR is not /tmp
eigengrau opened this issue · 2 comments
vagrant-lxc-wrapper currently expects that TMPDIR=/tmp. E.g., TMPDIR=/run/user/1000 vagrant up will fail, with no specific error message, since whitelist regexps only refer to /tmp, whereas any temporary files created will reside elsewhere.
I'm not sure of the security implications of adding that kind of flexibility to a whitelist-based sudoers file. This whitelist already seems a bit fragile security-wise; it seems to me like it should be avoided in favor of unprivileged containers.
De-hardcoding /tmp looks like something that will have many side-effects and that will require bug squashing in many places (or widening the whitelist so much that it becomes even more insecure).
If you produce a patch, we can continue the conversation around a specific proposition.
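
An added sketch, not part of the thread and not vagrant-lxc's code, of the mismatch discussed above: a path whitelist anchored on /tmp rejects a temp file created under another TMPDIR, and a check that names the failing argument makes that visible. The patterns, helper names and file name are hypothetical; the wrapper's real whitelist is not shown on this page.

```ruby
require 'pathname'

# Hypothetical whitelist entry in the style the issue describes: the argument
# must be a file directly under a hard-coded /tmp. Not the wrapper's pattern.
HARDCODED_TMP = %r{\A/tmp/[^/]+\z}

# Same shape of pattern for one explicitly trusted temp root (assumption:
# the root is chosen by the administrator, not taken from the caller).
def pattern_for(root)
  %r{\A#{Regexp.escape(root.chomp('/'))}/[^/]+\z}
end

# Where a temp file lands for a given environment: TMPDIR if set, else /tmp.
def temp_path(env, name)
  File.join(env.fetch('TMPDIR', '/tmp'), name)
end

# Check one path argument; returns [allowed, reason] so that a refusal
# comes with a specific message instead of a silent failure.
def check_arg(path, pattern)
  clean = Pathname.new(path).cleanpath.to_s
  # Refuse anything not already normalised, so "." and ".." components
  # cannot step outside the root the pattern names.
  return [false, "#{path}: not normalised (resolves to #{clean})"] unless clean == path
  return [false, "#{path}: no match for #{pattern.inspect}"] unless pattern.match?(path)
  [true, "#{path}: allowed"]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample environments and file name.
  [{}, { 'TMPDIR' => '/run/user/1000' }].each do |env|
    puts check_arg(temp_path(env, 'lxc-config-sample'), HARDCODED_TMP).last
  end
end
```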