Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1868215

Summary: sudo: unable to mkdir /sudo: Operation not permitted
Product: [Fedora] Fedora Reporter: thiago.frmoraes
Component: sudoAssignee: Radovan Sroka <rsroka>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 33CC: alakatos, awilliam, dkopecek, dustymabe, evan, hgkamath, kzak, mattdm, rsroka, tosykora
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: AcceptedFreezeException
Fixed In Version: sudo-1.9.2-1.fc34 sudo-1.9.2-1.eln103 sudo-1.9.2-1.fc32 sudo-1.9.2-1.fc33 sudo-1.9.2-1.fc31 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-09-21 20:49:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1766776    
Attachments:
Description Flags
Fix runstatedir variable handling in configure none

Description thiago.frmoraes 2020-08-12 03:06:59 UTC 
Description of problem:

When I use sudo to run some command as root I see this message:

sudo: unable to mkdir /sudo: Operation not permitted

The command runs correctly, but if I run other command with sudo immediately sudo will ask the password.


Version-Release number of selected component (if applicable):

Rawhide.20200811.n.0 (Silverblue Prerelease)


How reproducible:


Steps to Reproduce:
1. Open a terminal
2. run the a command as sudo

Actual results:

sudo: unable to mkdir /sudo: Operation not permitted


Expected results:

Not show the message sudo: unable to mkdir /sudo: Operation not permitted

Additional info:
Comment 1 Evan Anderson 2020-09-04 02:06:09 UTC 
I'm seeing this same issue on F33 branched. It also causes sudo to always prompt for a password.
Comment 2 Ganapathi Kamath 2020-09-06 11:49:53 UTC 
confirming, on silverblue Fedora-Silverblue-ostree-x86_64-33-20200905.n.0.iso
Comment 3 Evan Anderson 2020-09-06 19:36:54 UTC 
Created attachment 1713891 [details]
Fix runstatedir variable handling in configure

I did some additional debugging and found that the rundir is not being set correctly during the build process. See the koji log: https://kojipkgs.fedoraproject.org//packages/sudo/1.9.1/3.fc33/data/logs/x86_64/build.log

"checking for sudo run dir location... /sudo"

If the build was configuring properly, this should state:

"checking for sudo run dir location... /run/sudo"

There was a recent change that modified how this directory was set to support the addition of runstatedir in autoconf 2.70 (yet to be released): https://github.com/sudo-project/sudo/commit/026caf008142fcbf47455da23db1e023ca1fe216. This change broke the state directory when only "localstatedir" is specified during configure but "runstatedir" is not since it doesn't check if runstatedir is non-empty before comparing and falls into the second "elif" case. Since Fedora doesn't ship the runstatedir addition as some other distros have done, this breaks the run directory definition during configuration. I have attached a patch that fixes this for Fedora, which I will also submit to upstream.
Comment 4 Evan Anderson 2020-09-07 04:45:16 UTC 
Upstream accepted the patch in this GitHub PR: https://github.com/sudo-project/sudo/pull/62
Comment 5 Fedora Update System 2020-09-15 15:06:41 UTC 
FEDORA-2020-7458404c2c has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 6 Fedora Update System 2020-09-15 15:06:44 UTC 
FEDORA-2020-7219488e72 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-7219488e72
Comment 7 Fedora Update System 2020-09-15 15:15:11 UTC 
FEDORA-2020-0d5e544db7 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-0d5e544db7
Comment 8 Fedora Update System 2020-09-15 15:16:01 UTC 
FEDORA-2020-12d53b8cf7 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-12d53b8cf7
Comment 9 Fedora Update System 2020-09-15 15:21:38 UTC 
FEDORA-2020-c788914609 has been pushed to the Fedora ELN stable repository.
If problem still persists, please make note of it in this bug report.
Comment 10 Fedora Update System 2020-09-16 14:30:01 UTC 
FEDORA-2020-0d5e544db7 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-0d5e544db7`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-0d5e544db7

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 11 Fedora Update System 2020-09-16 15:35:57 UTC 
FEDORA-2020-12d53b8cf7 has been pushed to the Fedora 31 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-12d53b8cf7`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-12d53b8cf7

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 12 Dusty Mabe 2020-09-16 18:22:25 UTC 
Hey Radovan,

I'm going to re-open this bug so we can propose it as a freeze exception to possibly get it into Fedora 33 beta.

The blockerbugs app won't accept proposals for bugs that are closed.

Sorry for the noise.
Comment 13 Fedora Blocker Bugs Application 2020-09-16 18:22:40 UTC 
Proposed as a Freeze Exception for 33-beta by Fedora user dustymabe using the blocker tracking app because:

 I don't know if this should be accepted as an FE or not, but I'll submit to see what others think.

AFAICT this bug:

- on non OSTree systems you get a directory at /sudo created and you might not want that
- on OSTRee based systems you get an error message whenever you run a sudo command
    - https://github.com/fedora-silverblue/issue-tracker/issues/73
Comment 14 Fedora Update System 2020-09-16 18:56:55 UTC 
FEDORA-2020-7219488e72 has been pushed to the Fedora 33 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-7219488e72`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-7219488e72

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 15 Fedora Update System 2020-09-17 16:01:34 UTC 
FEDORA-2020-0d5e544db7 has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 16 Dusty Mabe 2020-09-17 16:53:18 UTC 
resetting to open since f33 hasn't hit stable
Comment 17 Adam Williamson 2020-09-18 21:12:06 UTC 
+4 votes in ticket (https://pagure.io/fedora-qa/blocker-review/issue/96 ), setting accepted.
Comment 18 Fedora Update System 2020-09-21 20:49:02 UTC 
FEDORA-2020-7219488e72 has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 19 Fedora Update System 2020-10-01 02:39:29 UTC 
FEDORA-2020-12d53b8cf7 has been pushed to the Fedora 31 stable repository.
If problem still persists, please make note of it in this bug report.