Checkbox

jobs specifying user have incorrect PATH set, can't find scripts

Bug #1252396 reported by Daniel Manrique
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Checkbox
Fix Released
High
Zygmunt Krynicki
Checkbox plainbox-0.4b1

Bug Description

How to reproduce:

- install plainbox and plainbox-provider-certification-client
- run this:

plainbox run -i mediacard/sd-preinserted

Expected result:
- successful run of removable_storage_test script (even if the script itself reports a failure)

Actual result:

Running... (output in /home/ubuntu/.cache/plainbox/sessions/pbox-50hhi8.session/io-logs/mediacard_sd-preinserted.*)
(job mediacard/sd-preinserted, <stderr:00001>) bash: removable_storage_test: command not found
Outcome: fail
Comments: None

This affects only jobs that specify user: root. If I remove that line from this job definition, the script runs (but will lack permissions so it will fail for another reason).

Tags: plainbox

Related branches

lp://staging/~zyga/checkbox/path-bug
Sylvain Pineau (community): Approve
Diff: 641 lines (+224/-66)
2 files modified
plainbox/plainbox/impl/ctrl.py (+120/-40)
plainbox/plainbox/impl/test_ctrl.py (+104/-26)
Revision history for this message
Daniel Manrique (roadmr) wrote :

OK, this was traced to using the sudo execution controller, on systems where the invoking user is in the sudo group. Presumably the preferred pkexec execution controller won't exhibit this issue.

The way plainbox gives access to all the scripts from all providers is by creating a "nest", a temporary directory with symlinks to all the scripts, and adding that to the environment's PATH.

The sudo execution controller uses the -E option to sudo, and our thinking was that the modified PATH would be picked up with this option. However, on Ubuntu, /etc/sudoers has a default secure_path defined, and apparently this overrides any changes to the invoking environment's PATH variable. The secure path is as follows:

Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

This clobbers our setting of PATH thus causing the scripts in the nest to not be found.

A possible solution to this is relying on env with a list of environment variable values to set, as is done for the pkexec execution controller which is already working.

Changed in checkbox:
status: New → Triaged
importance: Undecided → High
milestone: none → 2013-dec-06
Zygmunt Krynicki (zyga)
Changed in checkbox:
status: Triaged → In Progress
assignee: nobody → Zygmunt Krynicki (zkrynicki)
Zygmunt Krynicki (zyga)
Changed in checkbox:
status: In Progress → Fix Committed
Zygmunt Krynicki (zyga)
Changed in checkbox:
status: Fix Committed → Fix Released
milestone: 2013-dec-06 → plainbox-0.4b1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.