Jobs running as root even if root: true has not been specified
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lpci |
Fix Released
|
Low
|
Jürgen Gmach |
Bug Description
The lpci documentation [1] says that the default value for the 'root' option is 'false', which means that by default jobs should run under the unprivileged _lpci user. However lpci behaves as if the default was root: true. To reproduce prepare a branch with this .launchpad.yaml:
pipeline:
- pre_commit
jobs:
pre_commit:
series: focal
architectures: amd64
run-before: |
set -x
id
whoami
run: |
set -x
id
whoami
and check the job output. As of today this is:
Running command for the job...
Running ['bash', '--noprofile', '--norc', '-ec', 'set -x\nid\nwhoami\n']
:: + id
:: uid=0(root) gid=0(root) groups=0(root)
:: + whoami
:: root
Running command for the job...
Running ['bash', '--noprofile', '--norc', '-ec', 'set -x\nid\nwhoami\n']
:: + id
:: uid=0(root) gid=0(root) groups=0(root)
:: + whoami
:: root
This is also reproducible by running lpci locally.
Explicitly setting `root: false` makes the job run under _lpci user, as expected.
[1] https:/
Related branches
- Colin Watson (community): Approve
-
Diff: 29 lines (+6/-1)2 files modifiedNEWS.rst (+5/-0)
docs/configuration.rst (+1/-1)
Changed in lpci: | |
assignee: | nobody → Jürgen Gmach (jugmac00) |
importance: | Undecided → Low |
status: | New → Fix Released |