Skip to content

Comments

sanoid: fix sudo for syncoid#391043

Merged
pbsds merged 1 commit intoNixOS:masterfrom
Tillerino:syncoid-fix-sudo
Mar 24, 2025
Merged

sanoid: fix sudo for syncoid#391043
pbsds merged 1 commit intoNixOS:masterfrom
Tillerino:syncoid-fix-sudo

Conversation

@Tillerino
Copy link
Contributor

@Tillerino Tillerino commented Mar 18, 2025
edited
Loading

Syncoid, which is one of the scripts in the sanoid package, calls sudo if the local user is not root.

The package adds /run/booted-system/sw/bin to the path of all scripts. If I understand correctly, this is to make sure to use the ZFS binaries of the OS rather than anything that the user might have installed - the binaries need to exactly match the file system daemon. The issue is that /run/booted-system/sw/bin also contains the raw sudo binary, which cannot be called:

> /run/booted-system/sw/bin/sudo echo
sudo: /run/booted-system/sw/bin/sudo must be owned by uid 0 and have the setuid bit set

This leads to the syncoid script failing when called as non-root.

To fix this, we add /run/wrappers/bin to the path before /run/booted-system/sw/bin such that the correct sudo is used.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@Tillerino
Copy link
Contributor Author

Tillerino commented Mar 18, 2025

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 391043

x86_64-linux

✅ 1 package built:
  • sanoid

@github-actions github-actions bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Mar 18, 2025
@Tillerino Tillerino marked this pull request as ready for review March 19, 2025 06:53
@nix-owners nix-owners bot requested review from Frostman and lopsided98 March 19, 2025 07:00
@pbsds pbsds merged commit badeba7 into NixOS:master Mar 24, 2025
79 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Frostman Frostman Awaiting requested review from Frostman

@lopsided98 lopsided98 Awaiting requested review from lopsided98

Assignees

No one assigned

Labels

10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Tillerino @pbsds