From 66ab4da724d066bdeacaf7e03f027d44ecc37f05 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Thu, 20 Sep 2018 20:33:00 +0200 Subject: [PATCH] Allow running under sudo(8) when desired This adds a --sudo flag, and the corresponding /etc/sudoers.d configuration snippet, to run everything under sudo(8) for debugging. --- fedora-toolbox | 45 +++++++++++++++++++++++++-------------------- fedora-toolbox-sudo | 2 ++ 2 files changed, 27 insertions(+), 20 deletions(-) create mode 100644 fedora-toolbox-sudo diff --git a/fedora-toolbox b/fedora-toolbox index 928e014..d5e0853 100755 --- a/fedora-toolbox +++ b/fedora-toolbox @@ -18,6 +18,8 @@ source /etc/os-release +prefix_sudo="" + toolbox_container="fedora-toolbox-$USER:$VERSION_ID" toolbox_prompt="🔹[\u@\h \W]\\$ " 
@@ -29,60 +31,60 @@ create() ( working_container_name="fedora-toolbox-working-container-$(uuidgen --time)" - if ! buildah images --noheading | grep --quiet $toolbox_image; then - if ! buildah from --name $working_container_name $base_toolbox_image >/dev/null 2>&42; then + if ! $prefix_sudo buildah images --noheading | grep --quiet $toolbox_image; then + if ! $prefix_sudo buildah from --name $working_container_name $base_toolbox_image >/dev/null 2>&42; then echo "$0: failed to create working container" exit 1 fi - if ! buildah containers --noheading | grep --quiet $working_container_name; then + if ! $prefix_sudo buildah containers --noheading | grep --quiet $working_container_name; then echo "$0: failed to create working container" exit 1 fi - if ! buildah run $working_container_name -- useradd \ + if ! $prefix_sudo buildah run $working_container_name -- useradd \ --no-create-home \ --uid $UID \ --groups wheel \ $USER \ >/dev/null 2>&42; then - buildah rmi $working_container_name >/dev/null 2>&42 + $prefix_sudo buildah rmi $working_container_name >/dev/null 2>&42 echo "$0: failed to create user $USER with UID $UID" exit 1 fi - if ! buildah run $working_container_name -- passwd -d $USER >/dev/null 2>&42; then - buildah rmi $working_container_name >/dev/null 2>&42 + if ! $prefix_sudo buildah run $working_container_name -- passwd -d $USER >/dev/null 2>&42; then + $prefix_sudo buildah rmi $working_container_name >/dev/null 2>&42 echo "$0: failed to remove password for user $USER" exit 1 fi - if ! buildah config --volume $HOME $working_container_name >/dev/null 2>&42; then - buildah rmi $working_container_name >/dev/null 2>&42 + if ! $prefix_sudo buildah config --volume $HOME $working_container_name >/dev/null 2>&42; then + $prefix_sudo buildah rmi $working_container_name >/dev/null 2>&42 echo "$0: failed to configure volume for $HOME" exit 1 fi - if ! 
buildah config --volume $XDG_RUNTIME_DIR $working_container_name >/dev/null 2>&42; then - buildah rmi $working_container_name >/dev/null 2>&42 + if ! $prefix_sudo buildah config --volume $XDG_RUNTIME_DIR $working_container_name >/dev/null 2>&42; then + $prefix_sudo buildah rmi $working_container_name >/dev/null 2>&42 echo "$0: failed to configure volume for /run/user/$UID" exit 1 fi - if ! buildah config --user $USER $working_container_name >/dev/null 2>&42; then - buildah rmi $working_container_name >/dev/null 2>&42 + if ! $prefix_sudo buildah config --user $USER $working_container_name >/dev/null 2>&42; then + $prefix_sudo buildah rmi $working_container_name >/dev/null 2>&42 echo "$0: failed to configure the default user as $USER" exit 1 fi - if ! buildah config --workingdir $HOME $working_container_name >/dev/null 2>&42; then - buildah rmi $working_container_name >/dev/null 2>&42 + if ! $prefix_sudo buildah config --workingdir $HOME $working_container_name >/dev/null 2>&42; then + $prefix_sudo buildah rmi $working_container_name >/dev/null 2>&42 echo "$0: failed to configure the initial working directory to $HOME" exit 1 fi - if ! buildah commit --rm $working_container_name $toolbox_image >/dev/null 2>&42; then - buildah rmi $working_container_name >/dev/null 2>&42 + if ! $prefix_sudo buildah commit --rm $working_container_name $toolbox_image >/dev/null 2>&42; then + $prefix_sudo buildah rmi $working_container_name >/dev/null 2>&42 echo "$0: failed to create image $toolbox_image" exit 1 fi @@ -91,7 +93,7 @@ create() max_uid_count=65536 max_minus_uid=$((max_uid_count-UID)) uid_plus_one=$((UID+1)) - if ! podman create \ + if ! $prefix_sudo podman create \ --group-add wheel \ --hostname toolbox \ --interactive \ 
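Review bot: The unquoted `$USER`, `$HOME` and `$XDG_RUNTIME_DIR` expansions on the new `$prefix_sudo buildah …` lines are word-split and glob-expanded by the calling shell, so with `--sudo` a value containing whitespace or glob characters becomes extra arguments of a command that runs as root. Quote each expansion, for example `$prefix_sudo buildah config --volume "$HOME" "$working_container_name"`; the `--env NAME=$NAME` lines after `$prefix_sudo podman exec` in the `enter()` hunk need the same treatment. Separately, the failure paths call `buildah rmi` on `$working_container_name`, which names a working container rather than an image, so the cleanup probably removes nothing and should be `$prefix_sudo buildah rm "$working_container_name"`. The body of `create()` begins before this hunk and continues past it.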
@@ -115,12 +117,12 @@ create() enter() { - if ! podman start $toolbox_container >/dev/null 2>&42; then + if ! $prefix_sudo podman start $toolbox_container >/dev/null 2>&42; then echo "$0: failed to start container $toolbox_container" exit 1 fi - podman exec \ + $prefix_sudo podman exec \ --env COLORTERM=$COLORTERM \ --env DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS \ --env DESKTOP_SESSION=$DESKTOP_SESSION \ @@ -163,6 +165,9 @@ while [[ "$1" == -* ]]; do usage exit ;; + --sudo ) + prefix_sudo="sudo" + ;; -v | --verbose ) exec 42>&2 ;; diff --git a/fedora-toolbox-sudo b/fedora-toolbox-sudo new file mode 100644 index 0000000..470c0ea --- /dev/null +++ b/fedora-toolbox-sudo @@ -0,0 +1,2 @@ +%wheel ALL=(root) NOPASSWD: /usr/bin/buildah +%wheel ALL=(root) NOPASSWD: /usr/bin/podman
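Review bot: The new `--sudo` arm is not documented anywhere in this patch: no hunk touches `usage()`, so the flag will presumably be missing from the help output. Add it to the usage text and put a comment above the arm such as `# Debugging aid: run buildah and podman as root via sudo(8); pairs with the fedora-toolbox-sudo sudoers snippet`. Every call site also expands `$prefix_sudo` unquoted and relies on the empty string vanishing after word splitting; a one-line comment at the `prefix_sudo=""` declaration saying so would keep a later `"$prefix_sudo"` from breaking the non-sudo path. The `while`/`case` block starts and ends outside the hunk.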
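Review bot: These two rules in `fedora-toolbox-sudo` let every member of `wheel` run `buildah` and `podman` as root with any arguments and without a password, which is effectively password-less root on the host, since both tools can run containers as root with host paths mounted. The commit message describes the flag as a debugging aid, but nothing in the file says so and nothing visible here keeps it out of a default install. Add a header comment such as `# Debugging only: grants wheel root via podman/buildah; do not install on shared or production hosts`, and consider dropping `NOPASSWD:` so that sudo still asks for authentication, e.g. `%wheel ALL=(root) /usr/bin/podman`.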