Preserve environment variables through sudo session #1027
Merged
+2
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
shanman190
commented
Apr 25, 2024
| @@ -288,7 +288,7 @@ func rerunAsRoot(workspaceInfo *provider2.AgentWorkspaceInfo, log log.Logger) (b | |||
| } | |||
|
|
|||
| // call ourself | |||
| args := []string{binary} | |||
| args := []string{"--preserve-env", binary} | |||
There was a problem hiding this comment.
This preserves all environment variables from the initial session into the sudo session. Technically, this could be reduced down to --preserve-env=SSH_AUTH_SOCK to limit only the SSH Agent socket being passed into the sudo session.
There was a problem hiding this comment.
Just to note, the preservation of the environment variables is necessary regardless of source OS. This is all about the target OS and how the Docker socket has been configured from an access standpoint. So any user using a target where Docker requires admin rights would have been impacted by this.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When performing ssh clones on a machine where the Docker socket requires administrative access to utilize passing over the environment variables into the
sudosession is required.It should also be noted, that Windows ships with OpenSSH 8.1 by default, so if Windows users are having issues with SSH Agent support they may need to upgrade their OpenSSH distribution to be inline or newer than the target machine's environment.