On 04/01/2020 08:35, Giovanni Mascellani wrote:
> Package: schroot
> Version: 1.6.10-7
> Severity: important
>
> Hi,
>
> with today's update (1.6.10-7), schroot does not work anymore for
> non-root users (which are still authorized by means of the "users"
> directive).
>
> I suspect the problem might be related to the fact that /usr/bin/schroot
> is not set-uid anymore, while it was before. Executing
>
> # chmod u+s /usr/bin/schroot
>
> fixes the problem for me.

schroot absolutely requires being installed setuid root. Like sudo and
su, it's required for PAM auth and setuid() and setgid() calls, as well
as the chroot() call and performing privileged actions like mounting and
unmounting filesystems.

In the past, I did consider making it a service accessed via a socket,
so that we could have an unprivileged client binary and a privileged
server process. It's still a reasonable approach to take, but it
requires time and effort to design and implement which I haven't had to
spare.

Kind regards,
Roger
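
A post-upgrade check for the condition discussed in this thread, as an added example that is not part of the original messages and not schroot's or Debian's code: it verifies that a helper which must be setuid root still is, and that it is not writable by group or others. The path /usr/bin/schroot comes from the report; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not schroot's or Debian's code). Function names are hypothetical.
# check_setuid_root FILE returns:
#   0  regular file, owned by uid 0, setuid bit set
#   1  setuid bit missing (the state described in the report)
#   2  setuid bit set, but the owner is not uid 0
#   3  missing or not a regular file
#   4  setuid root, but writable by group or others
check_setuid_root() {
    f=$1
    [ -f "$f" ] || return 3
    [ -u "$f" ] || return 1
    [ -n "$(find -H "$f" -prune -user 0)" ] || return 2
    [ -z "$(find -H "$f" -prune \( -perm -020 -o -perm -002 \))" ] || return 4
    return 0
}

# Print one line per file; the return value is the number of failing files.
audit_setuid_helpers() {
    bad=0
    for f in "$@"; do
        rc=0
        check_setuid_root "$f" || rc=$?   # "||" keeps this safe under set -e
        case $rc in
            0) echo "ok          $f" ;;
            1) echo "no-setuid   $f" ;;
            2) echo "not-root    $f" ;;
            3) echo "missing     $f" ;;
            4) echo "writable    $f" ;;
        esac
        [ "$rc" -eq 0 ] || bad=$((bad + 1))
    done
    return "$bad"
}

# Stand-alone use: sh audit.sh /usr/bin/schroot
if [ "$#" -gt 0 ]; then
    audit_setuid_helpers "$@"
fi
```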