Hello,

Jakub Kądziołka <[email protected]> writes:

> Steps to reproduce:
>
> 0. [IMPORTANT] Make sure you will be able to reconfigure your system
>    when all setuid binaries stop working (this includes sudo, which
>    makes this, IMHO, a serious bug).
>
>    Namely, either make sure you can log in as root, or keep a "sudo -s"
>    shell open. The latter is slightly more dangerous in the event of a
>    power outage.
>
>    I would also recommend running "guix pull" in this recovery shell, as
>    a root login shell will use root's profile, and not your own.
> 1. Add a non-existent file to your system configuration's
>    setuid-programs. For example,
>
>      (setuid-programs (cons*
>                         #~(string-append #$bash "/bin/enoent")
>                         %setuid-programs))
>
> 2. Reconfigure your system.
>
>      $ sudo guix system reconfigure /etc/config.scm
>
> Actual behavior:
>
>   activating system...
>   substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
>   building /gnu/store/0ay9wd3wz4x0f5mgmbdfs72w98qvm68z-switch-to-system.scm.drv...
>   making '/gnu/store/7vwa2xd378fgwrkgwif7pi6ymshsf2jc-system' the current system...
>   setting up setuid programs in '/run/setuid-programs'...
>   guix system: error: copy-file: No such file or directory: "/run/setuid-programs/enoent"
>   $ sudoedit /etc/config.scm
>   -bash: /run/setuid-programs/sudoedit: No such file or directory
>   $ ls -l /run/setuid-programs
>   total 0

Good catch, I believe commit 7c4e4bac876190eae90635ba7d7f59892c31bcc6
fixes it.

> 3. [OPTIONAL] Run a rollback.
>
>      # guix system roll-back
>
> Expected behavior: /run/setuid-programs gets populated again.
> Actual behavior: /run/setuid-programs is still empty.
>
> (Is this a separate bug with roll-back not restoring setuid-programs? No
> idea, didn't test)

It looks like a separate bug, yes.  Could you report it separately?

Thanks!
Ludo’.
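The failure mode in the report above, next to a tolerant variant, as an added shell example (not Guix's activation code and not the content of the commit mentioned in the reply). It assumes the activation step empties the directory before copying, as the empty listing in the report suggests; the function names and the SKIPPED variable are hypothetical, and the caller supplies a scratch directory.

```shell
#!/bin/sh
# Added illustration; not Guix's activation code. The target directory and
# the program paths are passed in by the caller; nothing here touches /run.

# Fragile pattern (assumed from the report): empty the directory, then copy.
# The first missing source aborts the loop, so every later program
# (sudo, su, ...) is never installed and the directory stays empty.
populate_fragile() {
    fdir=$1; shift
    rm -rf "$fdir" && mkdir -p "$fdir" || return 1
    for prog in "$@"; do
        cp "$prog" "$fdir/" || return 1
        chmod 4555 "$fdir/$(basename "$prog")" || return 1
    done
}

# Tolerant pattern: a missing or uncopyable entry is reported and skipped,
# so one bad entry cannot lock the administrator out of sudo.
# The number of skipped entries is left in SKIPPED for the caller to check.
populate_tolerant() {
    tdir=$1; shift
    SKIPPED=0
    rm -rf "$tdir" && mkdir -p "$tdir" || return 1
    for prog in "$@"; do
        target="$tdir/$(basename "$prog")"
        if cp "$prog" "$target" 2>/dev/null && chmod 4555 "$target"; then
            :
        else
            echo "warning: skipping '$prog'" >&2
            rm -f "$target"          # never leave a half-installed file
            SKIPPED=$((SKIPPED + 1))
        fi
    done
    return 0
}
```

A caller that wants reconfiguration to fail loudly can still test SKIPPED afterwards; the point is that the remaining programs are installed first.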
