virtme-ng-init: hide additional sudo settings

Try to keep sudo settings as simple as possible and rely only on our custom /etc/sudoers. This can help to prevent potential permissions errors while using sudo inside a virtme-ng guest. Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
arighi · Feb 22, 2024 · a0d6fee · a0d6fee
1 parent 49615ab
commit a0d6fee
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/src/main.rs b/src/main.rs
@@ -174,6 +174,13 @@ const SYSTEM_MOUNTS: &[MountInfo] = &[
         flags: (libc::MS_NOSUID | libc::MS_NODEV) as usize,
         fsdata: "",
     },
+    MountInfo {
+        source: "tmpfs",
+        target: "/var/lib/sudo",
+        fs_type: "tmpfs",
+        flags: (libc::MS_NOSUID | libc::MS_NODEV) as usize,
+        fsdata: "",
+    },
     MountInfo {
         source: "tmpfs",
         target: "/var/lib/apt",
@@ -329,6 +336,9 @@ fn generate_sudoers() -> io::Result<()> {
     if let Ok(user) = env::var("virtme_user") {
         content += &format!("{} ALL = (ALL) NOPASSWD: ALL\n", user);
     }
+    if !Path::new("/etc/sudoers").exists() {
+        utils::create_file("/etc/sudoers", 0o0440, "").unwrap_or_else(|_| {});
+    }
     utils::create_file(fname, 0o0440, &content).ok();
     utils::do_mount(fname, "/etc/sudoers", "", libc::MS_BIND as usize, "");
     Ok(())