You are not logged in.

#1 2018-12-17 09:17:07

Registered: 2018-12-17
Posts: 3

[SOLVED] Problem with sudo in QEMU User space emulator

I plan to use this script … ot-install to setup an ARM-based chroot environment on x86_64 ArchLinux. But I got some problems to get `sudo` working with non-root accounts, which seems to be related with some system/kernel parameters that I'm not familiar with.

I tested with a fresh ArchLinux installation (package: base wget), then

  1. install AUR: qemu-arm-static,

  2. get the `alpine-chroot-install` script, remove line 306--320 (which install the qemu-arm-static for Debian based OS),

  3. run `./alpine-chroot-install -a armhf` to initialize an ARM-based AlpineLinux chroot environment under `/alpine`,

  4. run `/alpine/enter-chroot`,

  5. create a user, test with sudo with the following commands:

    [root@vmarch ~]# /alpine/enter-chroot  ###
    vmarch:~# uname -a  ###
    Linux vmarch 4.19.8-arch1-1-ARCH #1 SMP PREEMPT Sat Dec 8 13:49:11 UTC 2018 armv7l Linux
    vmarch:~# adduser alice  ###
    Changing password for alice
    New password:
    Bad password: too short
    Retype password:
    passwd: password for alice changed by root
    vmarch:~# apk add sudo  ###
    OK: 140 MiB in 39 packages
    vmarch:~# su alice  ###
    vmarch:/root$ sudo  ###
    sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
    vmarch:/root$ ls -al /usr/bin/sudo  ###
    -rwsr-xr-x    1 root     root        114532 Jun 14  2018 /usr/bin/sudo

I also tested on a fresh Ubuntu 18.04 installation, with the same script mentioned above and the same `qemu-arm-static` image from the AUR package. Executables with `suid` mask (like sudo) work as expected.

AFAIK, I am using the same userspace binaries for the both systems,
but the QEMU User space emulator ends up with wrong effective uid for executables with suid attr on ArchLinux.

And idea to get QEMU User space emulator working with sudo on Arch?
Thanks in advance.

Last edited by AlanLyon (2018-12-22 02:27:38)


#2 2018-12-17 12:01:42

Forum Moderator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 12,181

Re: [SOLVED] Problem with sudo in QEMU User space emulator

What filesystem is the chroot on ?

Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

(A works at time B)  && (time C > time B ) ≠  (A works at time C)


#3 2018-12-17 12:35:25

Registered: 2018-12-17
Posts: 3

Re: [SOLVED] Problem with sudo in QEMU User space emulator

I tried the following filesystem configs with ArchLinux:

  • EXT4 partition, mounted as rw,relatime (the fresh ArchLinux)

  • XFS partition, mounted as rw,relatime,attr2,inode64,noquota

  • XFS image file, mounted without extra arguments

And the filesystem config for the fresh Ubuntu:

  • EXT4 partition, mounted as rw,relatime,errors=remount-ro,data=ordered


#4 2018-12-22 02:27:23

Registered: 2018-12-17
Posts: 3

Re: [SOLVED] Problem with sudo in QEMU User space emulator

Problem solved.
The config from AUR package `qemu-arm-static` doesn't allow to determine new process credentials based on program.
More specifically, for the binfmt config file located at `/usr/bin/binfmt.d/${arch}.conf` as its format described in,
the AUR package sets the `flags` to `F` without `O`, which prevents running executables with suid attribute as root.

Change the `flags` to `OC` and it works.


Board footer

Powered by FluxBB