chroot: add disable_root_check option (#7099)

* Initial commit * Update plugins/connection/chroot.py Co-authored-by: Felix Fontein <felix@fontein.de> * Add changelog fragment * Update changelogs/fragments/7099-chroot-disable-root-check-option.yml Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Сашка724ая <git@sashok724.net> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit bf728aa)
ansible-collections · Aug 14, 2023 · b1a9bc7 · b1a9bc7
1 parent c3baaa8
commit b1a9bc7
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 5 deletions.
diff --git a/changelogs/fragments/7099-chroot-disable-root-check-option.yml b/changelogs/fragments/7099-chroot-disable-root-check-option.yml
@@ -0,0 +1,2 @@
+minor_changes:
+  - "chroot connection plugin - add ``disable_root_check`` option (https://github.com/ansible-collections/community.general/pull/7099)."
diff --git a/plugins/connection/chroot.py b/plugins/connection/chroot.py
@@ -46,6 +46,19 @@
         vars:
           - name: ansible_chroot_exe
         default: chroot
+      disable_root_check:
+        description:
+            - Do not check that the user is not root.
+        ini:
+          - section: chroot_connection
+            key: disable_root_check
+        env:
+          - name: ANSIBLE_CHROOT_DISABLE_ROOT_CHECK
+        vars:
+          - name: ansible_chroot_disable_root_check
+        default: false
+        type: bool
+        version_added: 7.3.0
 '''
 
 EXAMPLES = r"""
@@ -102,11 +115,7 @@ def __init__(self, play_context, new_stdin, *args, **kwargs):
 
         self.chroot = self._play_context.remote_addr
 
-        if os.geteuid() != 0:
-            raise AnsibleError("chroot connection requires running as root")
-
-        # we're running as root on the local system so do some
-        # trivial checks for ensuring 'host' is actually a chroot'able dir
+        # do some trivial checks for ensuring 'host' is actually a chroot'able dir
         if not os.path.isdir(self.chroot):
             raise AnsibleError("%s is not a directory" % self.chroot)
 
@@ -120,6 +129,11 @@ def __init__(self, play_context, new_stdin, *args, **kwargs):
 
     def _connect(self):
         """ connect to the chroot """
+        if not self.get_option('disable_root_check') and os.geteuid() != 0:
+            raise AnsibleError(
+                "chroot connection requires running as root. "
+                "You can override this check with the `disable_root_check` option.")
+
         if os.path.isabs(self.get_option('chroot_exe')):
             self.chroot_cmd = self.get_option('chroot_exe')
         else: