Cannot run suid programs #17

Closed
amon-ra opened this issue Jan 29, 2017 · 8 comments

amon-ra commented Jan 29, 2017

We are trying to run sudo inside the alpine docker image and it fails with:
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges

This may be related:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683205

@hurricanehrndz

The problem is with the registration strings: they are missing the correct flags (POC, which need to be added as a suffix), just as @amon-ra mentions. I have verified that if you use the upstream binfmt configuration script, sudo works on emulated CPUs.

@moul
Member

moul commented May 30, 2017

I just opened a PR (#23) which uses the official script to configure binfmt

@greyltc

greyltc commented Oct 9, 2018

I'm getting this today on version 2.12

@greyltc

greyltc commented Oct 14, 2018

Should this bug be fixed in 2.12?

@alejandro-perez

I also have this problem. Is there any way we can solve this?

@alejandro-perez

Appears to be solved with docker run --rm --privileged multiarch/qemu-user-static:register --reset --credential yes

@junaruga
Member

@amon-ra Could you solve this issue? Are you fine to close this ticket?

@junaruga
Member

junaruga commented Aug 6, 2019

Now there is a better alternative. The binfmt_misc files are updated with flags: OCF.

$ uname -m
x86_64

$ docker run --rm --privileged multiarch/qemu-user-static --reset -p yes --credential yes

$ cat /proc/sys/fs/binfmt_misc/qemu-aarch64
enabled
interpreter /usr/bin/qemu-aarch64-static
flags: OCF
offset 0
magic 7f454c460201010000000000000000000200b700
mask ffffffffffffff00fffffffffffffffffeffffff

Then run a Debian aarch64 container arm64v8/debian for testing.

$ docker run --rm -it arm64v8/debian bash

Then the commands below work in the container, though I do not know what the warning "/bin/ls: /etc/sudoers: Function not implemented" is about.

# apt-get -y update
# apt-get -y install sudo
# echo "test_user ALL = NOPASSWD: ALL" >> /etc/sudoers
# useradd -m test_user
# su - test_user
$ sudo ls -l /etc/sudoers 
/bin/ls: /etc/sudoers: Function not implemented
-r--r----- 1 root root 699 Aug  6 13:01 /etc/sudoers

I am closing this ticket. But feel free to reopen it if you need something.
Thanks.

@junaruga junaruga closed this as completed Aug 6, 2019
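
The check below is an added example, not part of the original thread or the project's scripts: it reads binfmt_misc entries in the format quoted in the comment above and reports whether the C (credentials) flag is set, which is what lets a setuid binary such as sudo obtain effective uid 0 under the emulator. With C set, the kernel runs the qemu interpreter itself with the credentials of the emulated binary, so for a root-owned setuid binary the interpreter runs as root. The function names are hypothetical and the second sample entry is constructed.

```shell
#!/bin/sh
# Added example: report whether qemu binfmt_misc handlers carry the C flag.

# Print the flag letters of the binfmt_misc entry read on stdin.
binfmt_flags() {
    sed -n 's/^flags:[[:space:]]*//p'
}

# Succeed only if the entry on stdin is enabled and has the C (credentials)
# flag, i.e. the kernel takes credentials from the emulated binary, so its
# setuid bit is honoured.
binfmt_honours_suid() {
    entry=$(cat)
    printf '%s\n' "$entry" | grep -qx 'enabled' || return 1
    case $(printf '%s\n' "$entry" | binfmt_flags) in
        *C*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Audit every qemu-* handler in a binfmt_misc directory (default: the live one).
audit_binfmt_dir() {
    dir=${1:-/proc/sys/fs/binfmt_misc}
    for f in "$dir"/qemu-*; do
        [ -f "$f" ] || continue
        flags=$(binfmt_flags < "$f")
        if binfmt_honours_suid < "$f"; then
            echo "$(basename "$f"): flags=$flags suid honoured"
        else
            echo "$(basename "$f"): flags=$flags suid ignored, sudo fails"
        fi
    done
}

# Entry quoted in the thread, registered with --credential yes.
ENTRY_WITH_C='enabled
interpreter /usr/bin/qemu-aarch64-static
flags: OCF
offset 0
magic 7f454c460201010000000000000000000200b700
mask ffffffffffffff00fffffffffffffffffeffffff'

# Constructed sample: the same handler registered without the C flag.
ENTRY_WITHOUT_C=$(printf '%s\n' "$ENTRY_WITH_C" | sed 's/^flags: .*/flags: F/')

audit_binfmt_dir
```

Run on the Docker host, it lists each registered qemu handler; any line reporting "suid ignored" identifies an architecture for which sudo inside an emulated container will fail with the error from the first comment.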
theCalcaholic added a commit to nextcloud/nextcloudpi that referenced this issue Sep 23, 2022
for reference: multiarch/qemu-user-static#17

Signed-off-by: thecalcaholic <6317548+theCalcaholic@users.noreply.github.com>
theCalcaholic added a commit to nextcloud/nextcloudpi that referenced this issue Sep 27, 2022
for reference: multiarch/qemu-user-static#17

Signed-off-by: thecalcaholic <6317548+theCalcaholic@users.noreply.github.com>
aladur added a commit to aladur/flexemu that referenced this issue Aug 28, 2024
- Add parameter "--credential yes" when initializing qemu backend.
  This avoids an error message Error: sudo: effective uid is not 0 ...
  for docker images which have a different CPU architecture as the
  host when using sudo command.
  see: https://gitlab.alpinelinux.org/alpine/docker-abuild/-/issues/47
  see: multiarch/qemu-user-static#17
lzufalcon added a commit to tinyclub/cloud-lab that referenced this issue Sep 13, 2024
The newer qemu requires additional OCF flags to let users switch to
root, let's apply such flags.

ref: multiarch/qemu-user-static#17

Signed-off-by: Wu Zhangjin <falcon@tinylab.org>