Is this something that could be added to the roadmap? We'd really prefer to not have to call the snap itself with sudo as it creates some permissions issues (root-owned dirs in $HOME for example) and some other general flakiness. What would the sudo interface entail, just access to /usr/bin/sudo and /etc/sudoers.d/snap.mountpoint?
On Mon, Aug 8, 2016 at 5:27 AM, Oliver Grawert <o...@ubuntu.com> wrote: > hi, > Am Montag, den 08.08.2016, 09:36 +0200 schrieb Simon Fels: > > On 06.08.2016 15:54, Chris Wayne wrote: > > > > > > Hi guys, > > > > > > I seem to be having some issues while running anything as sudo from > > > within a > > > snap (namely bug https://bugs.launchpad.net/ubuntu/+source/snapd/+b > > > ug/1610292). > > If you package sudo within your snap snapcraft will strip the > > necessary > > suid bit from it so it wont work anymore. Only way to use sudo is to > > use > > the one from the core snap. > > > how would you hook into /etc/sudoers (or /etc/sudoers.d/) ? > snapd would have to install or bind-mount a sudoers file above the one > from the core snap ... you also need to make sure that your user exists > in the password db ... both gets very hairy in an all-snap image where > the core snap is actually the rootfs (and both of the above files are > required for having the system functional) > > i could imagine a sudo interface here (for the binary) and shipping a > generic /etc/sudoers.d/snapd mountpoint in the core snap where > snapd/snap-confine could bind-mount a shipped sudoers snippet, but that > still leaves the passwd db issue open... > > ciao > oli > -- > Snapcraft mailing list > Snapcraft@lists.snapcraft.io > Modify settings or unsubscribe at: https://lists.ubuntu.com/ > mailman/listinfo/snapcraft > >
-- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
