On 07/09/2014 07:17 AM, Michał Górny wrote: >>> c) 'esudo' helper [3]. This is a more generic form of (2), with >>> support for other potential privilege changes. >> >>> [...] >> >>> Disadvantages: >> >>> - hard to implement -- especially if we want to make it capable of >>> running bash functions. >> >> Any idea how to implement it? Does it imply adding app-admin/sudo to >> the system set? > > I don't think we'd use the reference 'sudo' impl. Rather some > in-portage helper, possibly setuid. Or portage's IPC but that would > imply running the command in an isolated environment (possibly > beneficial).
The environment doesn't necessarily have to be isolated, since we could extend the existing environment saving/loading support to be used for by esudo. The steps to implement the shared environment could be as follows: 1) When esudo is called, it saves the current (unprivileged) bash environment to a file. 2) esudo uses IPC to request that a process with elevated privileges be launched to run a specific command using the saved environment, and that the environment of the elevated process be saved to a file after the command completes. 3) Before esudo returns, it loads the environment that was saved by the elevated process before it exited. Of course, we could also use pipes as a substitute for saving the environments to temporary files. -- Thanks, Zac
