You are not logged in.

#1 2018-12-17 09:17:07

AlanLyon
Member
Registered: 2018-12-17
Posts: 3

[SOLVED] Problem with sudo in QEMU User space emulator

I plan to use this script https://github.com/alpinelinux/alpine-c … ot-install to setup an ARM-based chroot environment on x86_64 ArchLinux. But I got some problems to get `sudo` working with non-root accounts, which seems to be related with some system/kernel parameters that I'm not familiar with.

I tested with a fresh ArchLinux installation (package: base wget), then

  1. install AUR: qemu-arm-static,

  2. get the `alpine-chroot-install` script, remove line 306--320 (which install the qemu-arm-static for Debian based OS),

  3. run `./alpine-chroot-install -a armhf` to initialize an ARM-based AlpineLinux chroot environment under `/alpine`,

  4. run `/alpine/enter-chroot`,

  5. create a user, test with sudo with the following commands:

    [root@vmarch ~]# /alpine/enter-chroot  ###
    vmarch:~# uname -a  ###
    Linux vmarch 4.19.8-arch1-1-ARCH #1 SMP PREEMPT Sat Dec 8 13:49:11 UTC 2018 armv7l Linux
    vmarch:~# adduser alice  ###
    Changing password for alice
    New password:
    Bad password: too short
    Retype password:
    passwd: password for alice changed by root
    vmarch:~# apk add sudo  ###
    OK: 140 MiB in 39 packages
    vmarch:~# su alice  ###
    vmarch:/root$ sudo  ###
    sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
    vmarch:/root$ ls -al /usr/bin/sudo  ###
    -rwsr-xr-x    1 root     root        114532 Jun 14  2018 /usr/bin/sudo

I also tested on a fresh Ubuntu 18.04 installation, with the same script mentioned above and the same `qemu-arm-static` image from the AUR package. Executables with `suid` mask (like sudo) work as expected.

AFAIK, I am using the same userspace binaries for the both systems,
but the QEMU User space emulator ends up with wrong effective uid for executables with suid attr on ArchLinux.

And idea to get QEMU User space emulator working with sudo on Arch?
Thanks in advance.

Last edited by AlanLyon (2018-12-22 02:27:38)

Offline

#2 2018-12-17 12:01:42

Lone_Wolf
Administrator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 12,939

Re: [SOLVED] Problem with sudo in QEMU User space emulator

What filesystem is the chroot on ?


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

clean chroot building not flexible enough ?
Try clean chroot manager by graysky

Offline

#3 2018-12-17 12:35:25

AlanLyon
Member
Registered: 2018-12-17
Posts: 3

Re: [SOLVED] Problem with sudo in QEMU User space emulator

I tried the following filesystem configs with ArchLinux:

  • EXT4 partition, mounted as rw,relatime (the fresh ArchLinux)

  • XFS partition, mounted as rw,relatime,attr2,inode64,noquota

  • XFS image file, mounted without extra arguments

And the filesystem config for the fresh Ubuntu:

  • EXT4 partition, mounted as rw,relatime,errors=remount-ro,data=ordered

Offline

#4 2018-12-22 02:27:23

AlanLyon
Member
Registered: 2018-12-17
Posts: 3

Re: [SOLVED] Problem with sudo in QEMU User space emulator

Problem solved.
The config from AUR package `qemu-arm-static` doesn't allow to determine new process credentials based on program.
More specifically, for the binfmt config file located at `/usr/bin/binfmt.d/${arch}.conf` as its format described in https://en.wikipedia.org/wiki/Binfmt_misc,
the AUR package sets the `flags` to `F` without `O`, which prevents running executables with suid attribute as root.

Change the `flags` to `OC` and it works.

Offline

Board footer

Powered by FluxBB