89luca89
Universal Blue
•Created by j0rge on 6/6/2024 in #💾ublue-dev
Wolfi toolbox thread
didn't follow the CI
73 replies
is it on my PR or on them?
yea it was basically ready as I was already using it 😂
being rolling, it should be quite easy to maintain
so we can discuss there
yea I'm opening the PR and tag you
can you send me some info about? so I can check
although, it is missing a single package pinentry
that would allow not only instant-entry, but also offline entry
right now it will do an apk-search for it, even if it fails and skips it
localhost/wolfi-toolbox latest de8a8aae537b 3 minutes ago 240 MB
registry.opensuse.org/opensuse/distrobox latest 049119b2494e 5 days ago 1.56 GB
not bad
I think yes, but that is not a security concern with podman
podman is not a daemonful service, with the dedicated group to do rootful things
docker is
so for example, if a user is in the docker group and not in wheel
it could work around this by creating a rootful container, and doing sudo in it
instead dbox will respect wheel/sudo of the host system, and will not enable passwordless sudo for rootful container
simple fix is to use /etc/sudoers.d/sudoers which is the file dbox uses, and that is deleted if the user is rootful
all the -toolbx images do this:
RUN echo "%wheel ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/toolbox
this invalidates the fact that distrobox does NOT enable passwordless sudo on rootful containers, for security reasons
there is only one thing i'd like to highlight
@j0rge I'm going to PR the wolfi images no problem 🙂