<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
El 27/12/16 a las 14:18, Alberto Donato escribió:<br>
<blockquote
cite="mid:CAEECqw_2oF2S-7-pa8X93xv6vARitotWAWmiYhA3H_73OZqebw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">On Thu, Dec 22, 2016 at 11:14 PM,
Sergio Schvezov <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:sergio.schvezov@canonical.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:sergio.schvezov@canonical.com">sergio.schvezov@canonical.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="auto"><span class="">
<div><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">El 19 dic. 2016 11:11 AM,
"Alberto Donato" <<a moz-do-not-send="true"
href="mailto:alberto.donato@canonical.com"
target="_blank">alberto.donato@canonical.com</a>>
escribió:<br type="attribution">
<blockquote class="m_-5132445674291611528quote"
style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">Hi,
<div><br>
</div>
<div>I'm trying to create a snap for
sshuttle, the ssh-based VPN app.</div>
<div>One of its components (the firewall
manager) needs to either be run as root,
or use su/sudo to be able to configure
firewall rules.</div>
<div><br>
</div>
<div>The app uses an "if os.getuid() != 0"
to check whether it can run.<br
clear="all">
</div>
<div><br>
</div>
<div>Is there any way to get it to work
inside a snap?</div>
</div>
</blockquote>
</div>
</div>
</div>
<div dir="auto"><br>
</div>
</span>
<div dir="auto">Doesn't putting sudo in front of your
command do the trick?</div>
</div>
</blockquote>
<div><br>
</div>
<div>Well that might work, but it would run all sshuttle
components as root, while the application is designed to
run just the firewall part as root.</div>
<div>I'd like to preserve this behavior.</div>
<div>My question, in general, is whether it's possible to
set up sudo within a snap confinement so that certain
commands can be run as root.<br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
`classic` confinement can give you this. Other mechanisms might be
tricky: on a classic the sudoers rules checked would be that of the
core and not the one on your classic system whilst on a pure snap
system (Ubuntu Core), iirc, you cannot modify the sudoers file.<br>
<br>
</body>
</html>