Unbreak 'enter' on Fedora CoreOS

... and other hybrid set-ups where the host and container OSes aren't the same. The entry point of a toolbox container already runs as root:root. Therefore, there's no need to run it with an additional group. Interactive shells spawned by 'sudo su -' both inside the container and on the host don't run with such an additional group either. They run just as root:root. This prevented toolbox containers from starting up on Fedora CoreOS hosts, because CoreOS has both the 'sudo' and 'wheel' groups but the fedora-toolbox images only have the 'wheel' group. Therefore, it ended up calling 'podman create --group-add sudo ...', and since the 'sudo' group was missing from the image, the container failed to start. The --group-add flag was added in commit 4bda42d when the entry point ran as $USER as specified in the user-specific customized image. The additional group was specified to retain consistency with interactive shells run as $USER. Since then, things have changed. There's no longer any user-specific customized image and commit f74400f made the entry point run as root:root. The --group-add flag should have been removed as part of those changes. containers#423
debarshiray · Aug 28, 2020 · 15173f8 · 15173f8
1 parent 3b6b9e9
commit 15173f8
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 12 deletions.
diff --git a/src/cmd/create.go b/src/cmd/create.go
@@ -191,11 +191,6 @@ func createContainer(container, image, release string, showCommandToEnter bool)
 	toolboxPathEnvArg := "TOOLBOX_PATH=" + toolboxPath
 	toolboxPathMountArg := toolboxPath + ":/usr/bin/toolbox:ro"
 
-	sudoGroup, err := utils.GetGroupForSudo()
-	if err != nil {
-		return err
-	}
-
 	logrus.Debug("Checking if 'podman create' supports '--ulimit host'")
 
 	var ulimitHost []string
@@ -339,7 +334,6 @@ func createContainer(container, image, release string, showCommandToEnter bool)
 		"create",
 		"--dns", "none",
 		"--env", toolboxPathEnvArg,
-		"--group-add", sudoGroup,
 		"--hostname", "toolbox",
 		"--ipc", "host",
 		"--label", "com.github.containers.toolbox=true",

diff --git a/toolbox b/toolbox
@@ -982,11 +982,6 @@ create()
         return 1
     fi
 
-    if ! group_for_sudo=$(get_group_for_sudo); then
-        echo "$base_toolbox_command: failed to create container $toolbox_container: group for sudo not found" >&2
-        return 1
-    fi
-
     if [ -f /etc/profile.d/toolbox.sh ] 2>&3; then
         toolbox_profile_bind="--volume /etc/profile.d/toolbox.sh:/etc/profile.d/toolbox.sh:ro"
     elif [ -f /usr/share/profile.d/toolbox.sh ] 2>&3; then
@@ -1078,7 +1073,6 @@ create()
     $podman_command create \
             --dns none \
             --env TOOLBOX_PATH="$TOOLBOX_PATH" \
-            --group-add "$group_for_sudo" \
             --hostname toolbox \
             --ipc host \
             --label "com.github.containers.toolbox=true" \