Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions images/ubuntu/25.10/Containerfile
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,9 @@ RUN apt-get update && \
rm -rd /var/lib/apt/lists/*
RUN rm /extra-packages

# Allow passwordless sudo for the sudo group
RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/90-toolbx-nopasswd

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

Files in /etc/sudoers.d/ must have strict permissions (typically 0440 or 0400) and be owned by root:root. If a file has more permissive permissions (such as 0644, which is the default when created via redirection with a standard umask), sudo and sudo-rs will ignore the file or fail with a permission error. To ensure the passwordless sudo rule is honored, explicitly set the file permissions to 0440.

RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/90-toolbx-nopasswd && \
    chmod 0440 /etc/sudoers.d/90-toolbx-nopasswd


# Enable the use of p11-kit-client.so to access CA certificates from the host
RUN mkdir --parents /etc/pkcs11/modules

Expand Down
3 changes: 3 additions & 0 deletions images/ubuntu/26.04/Containerfile
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,9 @@ RUN apt-get update && \
rm -rd /var/lib/apt/lists/*
RUN rm /extra-packages

# Allow passwordless sudo for the sudo group
RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/90-toolbx-nopasswd

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

Files in /etc/sudoers.d/ must have strict permissions (typically 0440 or 0400) and be owned by root:root. If a file has more permissive permissions (such as 0644, which is the default when created via redirection with a standard umask), sudo and sudo-rs will ignore the file or fail with a permission error. To ensure the passwordless sudo rule is honored, explicitly set the file permissions to 0440.

RUN echo "%sudo ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/90-toolbx-nopasswd && \
    chmod 0440 /etc/sudoers.d/90-toolbx-nopasswd


# Enable the use of p11-kit-client.so to access CA certificates from the host
RUN mkdir --parents /etc/pkcs11/modules

Expand Down
Loading