On 04/01/2020 08:35, Giovanni Mascellani wrote:
Package: schroot Version: 1.6.10-7 Severity: important Hi, with today's update (1.6.10-7), schroot does not work anymore for non-root users (which are still authorized by mean of the "users" directive)
I suspect the problem might be related to the fact that /usr/bin/schroot is not set-uid anymore, while it was before. Executing # chmod u+s /usr/bin/schroot fixes the problem for me.
schroot absolutely requires being installed setuid root. Like sudo and su, it's required for PAM auth and setuid() and setgid() calls, as well as the chroot() call and performing privileged actions like mounting and unmounting filesystems.
In the past, I did consider making it a service accessed via a socket, so that we could have an unprivileged client binary and a privileged server process. It's still a reasonable approach to take, but it requires time and effort to design and implement which I haven't had to spare.
Kind regards, Roger