Bug - Sudo effective user don't work with --seccomp-bpf #126
Sid Sharma
sidhu97ss at gmail.com
Thu Feb 27 18:29:28 UTC 2020
Hello I am new to opensorce
and trying to fix this bug
sudo won't work with --secomp-bpf
Am I correct in assuming that seccomp mode allows only one way
transition allowing only few sys calls
and strace is unconditionally set to PR_SET_NO_NEW_PRIVS which makes
execve promise not to execute anything
So any Setuser-IDs, set-group-ID and file capabilities are rendered
non-funtional
but we cannot unset the permission and strace is not privileged
enough to perform the functions we want
This gets us into a tricky situation and we cannot go on any further
Can someone suggest a solution, b'coz I want to solve it myself
More information about the Strace-devel
mailing list