Re: Proposal: su-exec in Fedora Base Image
On 11/08/2016 06:57 PM, Colin Walters wrote: On Tue, Nov 8, 2016, at 10:49 AM, Josh Berkus wrote: Someone's written a tiny C implementation of gosu: https://github.com/ncopa/su-exec This is seems close to `runuser` from util-linux, which would just need to be taught an option like --exec to `execve` rather than having a parent process. And to not run through the PAM session stack. ___ cloud mailing list -- cloud@lists.fedoraproject.org To unsubscribe send an email to cloud-le...@lists.fedoraproject.org someone submitted it for review https://bugzilla.redhat.com/show_bug.cgi?id=1393044 ___ cloud mailing list -- cloud@lists.fedoraproject.org To unsubscribe send an email to cloud-le...@lists.fedoraproject.org
Re: Proposal: su-exec in Fedora Base Image
On 11/08/2016 03:57 PM, Colin Walters wrote: > > > On Tue, Nov 8, 2016, at 10:49 AM, Josh Berkus wrote: >> Someone's written a tiny C implementation of gosu: >> >> https://github.com/ncopa/su-exec > > This is seems close to `runuser` from util-linux, > which would just need to be taught an option like > --exec to `execve` rather than having a parent process. > And to not run through the PAM session stack. Could we open an issue upstream to vet this as an alternative? Either way it seems like there is a perceived use case here that isn't being addressed. We should consider the options. Dusty ___ cloud mailing list -- cloud@lists.fedoraproject.org To unsubscribe send an email to cloud-le...@lists.fedoraproject.org
Re: Proposal: su-exec in Fedora Base Image
On Tue, Nov 8, 2016, at 10:49 AM, Josh Berkus wrote: > Someone's written a tiny C implementation of gosu: > > https://github.com/ncopa/su-exec This is seems close to `runuser` from util-linux, which would just need to be taught an option like --exec to `execve` rather than having a parent process. And to not run through the PAM session stack. ___ cloud mailing list -- cloud@lists.fedoraproject.org To unsubscribe send an email to cloud-le...@lists.fedoraproject.org
Proposal: su-exec in Fedora Base Image
Someone's written a tiny C implementation of gosu: https://github.com/ncopa/su-exec This is invaluable for entrypoint scripts, as a way of demoting permissions without losing TTY. Could we include it? -- -- Josh Berkus Project Atomic Red Hat OSAS ___ cloud mailing list -- cloud@lists.fedoraproject.org To unsubscribe send an email to cloud-le...@lists.fedoraproject.org
