From 9963758a91bd2c1cc4fa2b5f026abc082547ff07 Mon Sep 17 00:00:00 2001 From: Tom van Dijk <18gatenmaker6@gmail.com> Date: Thu, 13 Mar 2025 16:03:17 +0100 Subject: [PATCH] feat(podman_driver): Invoke sudo when needed for privileged My motivation is that it's really a bad practice to just run `sudo bluebuild generate -o Containerfile`, as the file gets created as root and it's kind-of unsafe to the system too. I'd rather have the tool invoke sudo by itselves for the things it needs it for, rather than wrapping the entire program in sudo. This is especially the case for local (non-ci) builds. --- process/drivers/podman_driver.rs | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/process/drivers/podman_driver.rs b/process/drivers/podman_driver.rs index 30dedb7..09902a6 100644 --- a/process/drivers/podman_driver.rs +++ b/process/drivers/podman_driver.rs @@ -403,10 +403,6 @@ impl RunDriver for PodmanDriver { fn run(opts: &RunOpts) -> Result { trace!("PodmanDriver::run({opts:#?})"); - if !nix::unistd::Uid::effective().is_root() { - bail!("You must be root to run privileged podman!"); - } - let cid_path = TempDir::new().into_diagnostic()?; let cid_file = cid_path.path().join("cid"); @@ -426,10 +422,6 @@ impl RunDriver for PodmanDriver { fn run_output(opts: &RunOpts) -> Result { trace!("PodmanDriver::run_output({opts:#?})"); - if !nix::unistd::Uid::effective().is_root() { - bail!("You must be root to run privileged podman!"); - } - let cid_path = TempDir::new().into_diagnostic()?; let cid_file = cid_path.path().join("cid"); @@ -529,6 +521,7 @@ impl RunDriver for PodmanDriver { fn podman_run(opts: &RunOpts, cid_file: &Path) -> Command { let command = cmd!( + if opts.priviledged && !nix::unistd::Uid::effective().is_root() => "sudo", "podman", "run", format!("--cidfile={}", cid_file.display()),