Tweak docker base image, approval script, and sudoers file; add Docker section to README#124
Tweak docker base image, approval script, and sudoers file; add Docker section to README#124haikuginger wants to merge 2 commits intomasterfrom
Conversation
…r section to README
|
|
| # syntax=docker/dockerfile:1 | ||
|
|
||
| FROM rust:latest AS base | ||
| FROM rust:1.52.1 AS base |
There was a problem hiding this comment.
Sometime between the last update and now, rust:latest started building the plugin in such a way that it causes a segfault when added to sudo.conf. Looking at bisecting that.
| To continue, another human must run: | ||
|
|
||
| docker exec -it %h '%B %u %p' | ||
| docker exec -it %h %B %u %p |
There was a problem hiding this comment.
Having the command and its params in quotes causes Docker to look for a file of that exact name, which then can't be found.
| @@ -1 +1 @@ | |||
| nobody ALL = (: games) NOPASSWD: LOG_OUTPUT: ALL | |||
| games ALL = (nobody) NOPASSWD:LOG_OUTPUT:ALL | |||
There was a problem hiding this comment.
This might be wrong—I kind of reverse-engineered this from what seemed like the expected behavior for the environment; nogroup is the restricted-access group which triggers sudo_pair, and nobody is the member of that group that we want to sudo as. Doing it as root just automatically succeeds, so we need to do it with a different user (presumably games, although most users would work).
2 participants
No description provided.