why need so many sudo privileges? #4250
Comments
|
Both Removing the sudo from docker or running minikube with --vm-driver=none does not make it more secure. I don't see how any of the commands above could be run without sudo, except for using su (run as root) I think the idea for See #3138 |
|
I am concerned with many sudo lines, especially this $ grep ...
pkg/minikube/cruntime/crio.go:96: return r.Runner.Run(fmt.Sprintf("sudo podman load -i %s", path))
pkg/minikube/cruntime/cruntime.go:124: if err := cr.Run("sudo modprobe br_netfilter"); err != nil {
pkg/minikube/cruntime/cruntime.go:127: if err := cr.Run("sudo sh -c \"echo 1 > /proc/sys/net/ipv4/ip_forward\""); err != nil {
pkg/minikube/cruntime/cruntime_test.go:125: if bin == "sudo" {
pkg/minikube/cruntime/cruntime_test.go:353: {"docker", []string{"sudo systemctl stop docker docker.socket"}},
pkg/minikube/cruntime/cruntime_test.go:354: {"crio", []string{"sudo systemctl stop crio"}},
pkg/minikube/cruntime/cruntime_test.go:355: {"containerd", []string{"sudo systemctl stop containerd"}},
pkg/minikube/cruntime/docker.go:76: return r.Runner.Run("sudo systemctl start docker")
pkg/minikube/cruntime/docker.go:81: return r.Runner.Run("sudo systemctl stop docker docker.socket")
pkg/minikube/machine/cache_images.go:233: if err := cr.Run("sudo rm -rf " + dst); err != nil {
pkg/minikube/problem/err_map.go:52: Advice: "Run 'sudo modprobe vboxdrv' and reinstall VirtualBox if it fails.",
pkg/minikube/problem/err_map.go:57: Advice: "Run 'sudo modprobe vboxdrv' and reinstall VirtualBox if it fails.",
pkg/minikube/problem/err_map.go:75: Advice: "Run 'sudo modprobe vboxdrv' and reinstall VirtualBox if it fails.",
pkg/minikube/tunnel/route_darwin.go:42: command := exec.Command("sudo", "route", "-n", "add", serviceCIDR, gatewayIP)
pkg/minikube/tunnel/route_darwin.go:154: command := exec.Command("sudo", "route", "-n", "delete", route.DestCIDR.String())
pkg/minikube/tunnel/route_darwin_test.go:93: command := exec.Command("sudo", "route", "-n", "add", cidr, gw)
pkg/minikube/tunnel/route_darwin_test.go:101: command := exec.Command("sudo", "route", "-n", "delete", cidr)
pkg/minikube/tunnel/route_linux.go:41: command := exec.Command("sudo", "ip", "route", "add", serviceCIDR, "via", gatewayIP)
pkg/minikube/tunnel/route_linux.go:130: command := exec.Command("sudo", "ip", "route", "delete", serviceCIDR)
pkg/minikube/tunnel/route_linux_test.go:125: command := exec.Command("sudo", "ip", "route", "add", cidr, "via", gw)
pkg/minikube/tunnel/route_linux_test.go:135: command := exec.Command("sudo", "ip", "route", "delete", cidr)
pkg/minikube/tunnel/tunnel.go:213: command = exec.Command("sudo", "ifconfig", "bridge100", "deletem", member)
pkg/minikube/tunnel/tunnel.go:222: command = exec.Command("sudo", "ifconfig", "bridge100", "addm", member)
pkg/provision/buildroot.go:228: if _, err = p.SSHCommand(fmt.Sprintf("sudo mkdir -p %s && printf %%s \"%s\" | sudo tee %s", path.Dir(crioOptsPath), crioOptsBuf.String(), crioOptsPath)); err != nil {
pkg/provision/buildroot.go:298: if _, err = p.SSHCommand(fmt.Sprintf("sudo mkdir -p %s && printf %%s \"%s\" | sudo tee %s", path.Dir(dockerCfg.EngineOptionsPath), dockerCfg.EngineOptions, dockerCfg.EngineOptionsPath)); err != nil {
test/integration/tunnel_test.go:42: if err := exec.Command("sudo", "-n", "route").Run(); err != nil {
... |
|
The answer is: we use sudo a lot because minikube typically ssh's into a VM as a non-privileged user. The preference is that as few parts of minikube as possible should run as root, so minikube elevates when necessary. I agree that we should be able to remove some of the cases. Patches welcome! As far as ruining your system, that will always be a possibility with the none driver. See: https://github.com/kubernetes/minikube/blob/master/docs/vmdriver-none.md#can-the-none-driver-be-used-outside-of-a-vm |
tstromberg
added
kind/support
I have my own docker daemon running on Linux laptop, with proper docker env setup, and can run docker without sudo, and many other commands as well, a security common practice is to run less sudo as minimum as possible, or every command with sudo I have to know why necessary;
while trying to run minikube
minikube start --vm-driver=nonewith the existing docker daemon, but it seems asking too many things for sudo,I wonder why??
then I search the minikube source code, it seems many places have hardcoded with
sudo, I can't agree this as best approach?Why don't you remove sudo from all source code lines, and just document better which things you need sudo?
Or clean every sudo from source code, only require one
sudo minikube start ...like a dockerd running, and then don't require sudo for all other regular minikube tasks?The text was updated successfully, but these errors were encountered: