diskimage-builder/elements
Ian Wienand 672705831f Add a best-effort sudo safety check
As motivation for this, we have had two breakouts of dib in recent
memory.  One was a failure to unmount through symlinks in the core
code (I335316019ef948758392b03e91f9869102a472b9) and the other was
removing host keys on the build-system
(Ib01d71ff9415a0ae04d963f6e380aab9ac2260ce).

For the most part, dib runs unprivileged.  Bits of the core code are
hopefully well tested (modulo bugs like the first one!).  We give free
rein inside the chroot (although there is still some potential there
for adverse external effects via bind mounts).  Where we could be a
bit safer (and could have prevented at least the second of these
breakouts) is with some better checking that the "sudo" calls
*outside* the chroot at least looked sane.

This adds a basic check that we're using chroot or image paths when
calling sudo in those parts of elements that run *outside* the chroot.
Various files are updated to accommodate this check; mostly by just
ignoring it for existing code (I have not audited these calls).

Nobody is pretending this type of checking makes dib magically safe,
or removes the issues with it needing to do things as root during the
build.  But this can help find egregious errors like the key removal.

Change-Id: I161a5aea1d29dcdc7236f70d372c53246ec73749
2016-05-09 15:41:38 +10:00
apt-conf Update apt-conf elements README from free text to table formatting 2015-10-08 17:12:46 -07:00
apt-preferences Update apt-preferences element README from free text to table formatting 2015-10-08 17:14:16 -07:00
apt-sources Add a best-effort sudo safety check 2016-05-09 15:41:38 +10:00
architecture-emulation-binaries Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
baremetal Add a best-effort sudo safety check 2016-05-09 15:41:38 +10:00
base Fix add-apt-repository package for precise 2016-04-06 11:08:07 -07:00
bootloader Add a best-effort sudo safety check 2016-05-09 15:41:38 +10:00
cache-url Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
centos Change to latest CentOS-6 image 2016-04-20 10:44:09 -07:00
centos7 Merge "Download a compressed centos cloud images" 2015-09-18 10:18:55 +00:00
centos-minimal centos-minimal does not provide base 2016-03-10 13:51:08 +11:00
cleanup-kernel-initrd Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
cloud-init Add new cloud-init element 2016-02-01 21:03:03 -06:00
cloud-init-datasources Simple-init should disable cloud-init 2015-05-11 16:55:02 +00:00
cloud-init-disable-resizefs Fix cloud-init-disable-resizefs README title 2016-03-01 21:49:10 -08:00
cloud-init-nocloud Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
debian Debian: dont set always the hostname to debian 2016-04-06 11:05:53 +02:00
debian-minimal debian-minimal: configurable debootstrap components 2016-02-12 22:57:58 +01:00
debian-systemd Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
debian-upstart Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
debootstrap Merge "Remove cloud-initramfs-growroot package" 2016-05-03 13:24:53 +00:00
deploy Create docs site containing element READMEs 2015-02-10 11:45:35 -08:00
deploy-baremetal Create docs site containing element READMEs 2015-02-10 11:45:35 -08:00
deploy-ironic deploy-ironic: Fix syntax error when checking for root device hints 2016-01-07 12:06:19 +00:00
deploy-kexec Create docs site containing element READMEs 2015-02-10 11:45:35 -08:00
deploy-targetcli Optimize Python install in deploy-targetcli 2015-06-22 13:19:14 -05:00
deploy-tgtadm No markdown docs for elements 2015-04-02 23:55:19 +00:00
devuser Fix devuser pubkey defaults 2015-10-13 17:54:09 -07:00
dhcp-all-interfaces Use generic "dhcp-client" name 2016-04-22 11:31:54 +10:00
dib-init-system Depend on ifupdown in simple-init 2016-02-20 08:19:21 -06:00
dib-python Fix spurious = in dib-python readme 2016-03-07 04:47:35 +00:00
dib-run-parts/root.d dib-run-parts: make cp to target root more robust 2016-04-05 16:29:57 +02:00
disable-selinux/post-install.d Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
dkms Make dkms element depend on dkms package 2015-12-26 22:07:19 +00:00
docker Add base element for using docker as image base 2015-07-19 10:23:34 +00:00
dpkg Add a best-effort sudo safety check 2016-05-09 15:41:38 +10:00
dracut-network Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
dracut-ramdisk Make troubleshoot work with dracut ramdisks 2015-04-08 12:54:32 -05:00
dynamic-login Follow up patch for 25d3ee5471 2015-12-01 14:11:40 +00:00
element-manifest Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
enable-serial-console Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
epel The mirror for installing epel is timing out 2016-01-04 07:45:34 -05:00
fedora Remove zero length files 2016-01-20 19:08:54 -05:00
fedora-minimal Remove fedora-minimal/install.d/99-ramdisk 2015-11-19 21:03:45 +11:00
gentoo Merge "Note requirement for parted on gentoo hosts" 2016-03-22 07:41:00 +00:00
growroot Merge "Refactor growroot for debuggabilty" 2016-03-12 19:04:22 +00:00
grub2 Merge "Allow grub2 to build with opensuse" 2015-12-16 01:25:10 +00:00
hpdsa Add a new element hpdsa 2015-12-10 20:12:14 +00:00
hwburnin Create docs site containing element READMEs 2015-02-10 11:45:35 -08:00
hwdiscovery Create docs site containing element READMEs 2015-02-10 11:45:35 -08:00
ilo Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
install-static Install-static depends on rsync 2015-08-17 16:21:09 +00:00
install-types Break install-types out of base 2015-04-14 13:39:18 -04:00
ironic-agent Add a best-effort sudo safety check 2016-05-09 15:41:38 +10:00
ironic-discoverd-ramdisk Mark ironic-discoverd-ramdisk as deprecated in favor of ironic-agent 2016-02-01 16:47:37 +01:00
iso Add a best-effort sudo safety check 2016-05-09 15:41:38 +10:00
local-config Add openssh-server package-install to local-config 2015-12-07 15:23:00 -05:00
manifests Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
mellanox Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
modprobe-blacklist Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
oat-client Add oat-client element 2015-06-26 09:57:12 +08:00
opensuse opensuse: Update README 2015-07-01 22:03:50 +02:00
package-installs Merge "Prioritize venv python on host" 2016-04-18 23:17:28 +00:00
partitioning-sfdisk Add a best-effort sudo safety check 2016-05-09 15:41:38 +10:00
pip-and-virtualenv add pkg-map to pip-and-virtualenv element 2016-03-21 20:12:37 -05:00
pip-cache Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
pkg-map Print unparsable file in pkg-map 2016-01-14 16:21:25 +11:00
proliant-tools Add proliant-tools element 2015-11-09 07:58:00 +00:00
pypi Add a best-effort sudo safety check 2016-05-09 15:41:38 +10:00
ramdisk Merge "Add element ubuntu-signed to provide signed kernel" 2015-04-28 11:02:44 +00:00
ramdisk-base Adding InfiniBand Support 2016-02-17 04:43:29 +00:00
rax-nova-agent rax-nova-agent: switch to $DISTRO_NAME 2015-05-12 17:48:49 +02:00
redhat-common Use dnf to cleanup old kernels 2016-02-08 14:20:56 +11:00
rhel Add a best-effort sudo safety check 2016-05-09 15:41:38 +10:00
rhel7 Revert "Correct rhel-common for rhel6" 2016-02-17 22:17:11 +00:00
rhel-common Revert "Correct rhel-common for rhel6" 2016-02-17 22:17:11 +00:00
rpm-distro Move selinux restore to end of finalise 2016-04-20 13:52:37 +10:00
select-boot-kernel-initrd Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
selinux-permissive Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
serial-console Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
simple-init Use generic "dhcp-client" name 2016-04-22 11:31:54 +10:00
source-repositories Add a best-effort sudo safety check 2016-05-09 15:41:38 +10:00
stable-interface-names Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
svc-map Initial add of gentoo support for diskimage-builder 2016-01-12 19:15:00 -06:00
uboot Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
ubuntu Set DIB_RELEASE in ubuntu element 2015-03-04 23:11:27 +00:00
ubuntu-core Add a best-effort sudo safety check 2016-05-09 15:41:38 +10:00
ubuntu-minimal Split the debootstrap functions into an element 2015-04-26 18:04:59 +00:00
ubuntu-signed Add element ubuntu-signed to provide signed kernel 2015-04-12 11:36:17 -07:00
vm Add a best-effort sudo safety check 2016-05-09 15:41:38 +10:00
yum Use dnf to cleanup old kernels 2016-02-08 14:20:56 +11:00
yum-minimal Add a best-effort sudo safety check 2016-05-09 15:41:38 +10:00
zypper Standarise tracing for scripts 2015-02-12 10:41:32 +11:00