Summary: | app-admin/github-backup-utils[test]: leaks systemd service stop requests to system | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Michał Górny <mgorny> |
Component: | Current packages | Assignee: | William Hubbs <williamh> |
Status: | CONFIRMED --- | ||
Severity: | major | CC: | qa, systemd |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Michał Górny
2021-06-20 07:40:51 UTC
Several tests call "ghe-restore", which calls "ssh ... sudo systemctl stop consul". https://github.com/github/backup-utils/blob/v3.0.0/bin/ghe-restore#L301 As well, the tests use a wrapper script for ssh that removes any "sudo" calls and runs the commands locally. https://github.com/github/backup-utils/blob/v3.0.0/test/bin/ssh#L37 The end result is that "systemctl stop consul" gets executed directly as the portage user, which triggers a polkit prompt if portage is not running as root. ghe-restore attempts to perform many privileged operations, and it doesn't look like it was really designed for use in an isolated test environment. I would recommend masking the test USE flag until/unless the tests can be made more safe for general use. |