Building off of this issue
I have modified a Go program, which is meant to start a new root process and execute a command using /bin/sudo, so that the relevant part now reads:
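// Rootless path for a root-targeted transfer: run `sudo podman image load` on
// the saved archive in a child process that is cloned into new mount, UTS, IPC,
// PID, network and user namespaces, then print the child's stdout (or its
// error plus stderr).
//
// NOTE(review): UID 0 inside a new user namespace is not root on the host.
// Capabilities gained there apply only to resources owned by that namespace,
// so this arrangement is not expected to yield a host-root podman — confirm
// the intended privilege boundary before relying on it.
if rootless.IsRootless() && scpOpts.Root {
	// A privilege change must not fail silently: report the outcome so that
	// whatever follows is not assumed to run as root. Execution continues
	// afterwards so the existing flow is unchanged.
	if e := syscall.Setuid(0); e != nil {
		fmt.Fprintln(os.Stderr, "setuid(0): "+e.Error())
	}
	if e := syscall.Setgid(0); e != nil {
		fmt.Fprintln(os.Stderr, "setgid(0): "+e.Error())
	}

	var out bytes.Buffer
	var stderr bytes.Buffer

	// Keyed fields: the meaning of each value stays visible and the literal
	// does not depend on the struct's field order.
	cred := &syscall.Credential{
		Uid:         0,
		Gid:         0,
		Groups:      []uint32{},
		NoSetGroups: false,
	}

	sys := &syscall.SysProcAttr{
		Credential: cred,
		Setpgid:    true,
		// NOTE(review): an unprivileged writer of gid_map must have
		// setgroups denied first (user_namespaces(7)); enabling it here
		// presumably conflicts with that — confirm.
		GidMappingsEnableSetgroups: true,
		Cloneflags: syscall.CLONE_NEWNS |
			syscall.CLONE_NEWUTS |
			syscall.CLONE_NEWIPC |
			syscall.CLONE_NEWPID |
			syscall.CLONE_NEWNET |
			syscall.CLONE_NEWUSER,
		// NOTE(review): without CAP_SETUID/CAP_SETGID in the parent
		// namespace a process may only map its own effective ID, as a
		// single entry. The second entry in each map below names host ID 0,
		// which an unprivileged caller is not allowed to map; this is the
		// likely reason the fork/exec is rejected — confirm.
		UidMappings: []syscall.SysProcIDMap{
			{ContainerID: 0, HostID: syscall.Getuid(), Size: 1},
			{ContainerID: 1, HostID: 0, Size: 1},
		},
		GidMappings: []syscall.SysProcIDMap{
			{ContainerID: 0, HostID: syscall.Getgid(), Size: 1},
			{ContainerID: 1, HostID: 0, Size: 1},
		},
	}

	// The archive path travels as a single argv element; exec.Command does
	// not go through a shell, so the value is not shell-interpreted.
	cmd := exec.Command("/usr/bin/sudo", "podman", "image", "load", "--input="+scpOpts.Save.Output)
	fmt.Println(cmd.Args)
	cmd.SysProcAttr = sys
	cmd.Stdout = &out
	// The caller's entire environment is handed to sudo; what the command
	// finally sees depends on the sudoers environment policy.
	cmd.Env = os.Environ()
	cmd.Stderr = &stderr

	err = cmd.Run()
	if err != nil {
		fmt.Printf("%v: %s\n", err, stderr.String())
		return
	}
	fmt.Println("Result: " + out.String())
}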
/bin/sudo is accepted and I am allowed to execute it, but I am getting an error that says
fork/exec /usr/bin/sudo: invalid argument:
which I have realized means that the syscall.CLONE_NEWUSER
flag is causing some issues. Is there any way to make this work, or am I doing something wrong with my mappings?