From bf728aadfb9f0bc3f88e57f6e8c3c3ff428c1a1e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=A1=D0=B0=D1=88=D0=BA=D0=B0724=D0=B0=D1=8F?=
Date: Tue, 15 Aug 2023 03:41:33 +1000
Subject: [PATCH] chroot: add `disable_root_check` option (#7099)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Initial commit
* Update plugins/connection/chroot.py
Co-authored-by: Felix Fontein
* Add changelog fragment
* Update changelogs/fragments/7099-chroot-disable-root-check-option.yml
Co-authored-by: Felix Fontein
---------
Co-authored-by: Сашка724ая
Co-authored-by: Felix Fontein
---
 .../7099-chroot-disable-root-check-option.yml | 2 ++
 plugins/connection/chroot.py | 24 +++++++++++++++----
 2 files changed, 21 insertions(+), 5 deletions(-)
 create mode 100644 changelogs/fragments/7099-chroot-disable-root-check-option.yml
diff --git a/changelogs/fragments/7099-chroot-disable-root-check-option.yml b/changelogs/fragments/7099-chroot-disable-root-check-option.yml
new file mode 100644
index 0000000000..c5c2af4e95
--- /dev/null
+++ b/changelogs/fragments/7099-chroot-disable-root-check-option.yml
@@ -0,0 +1,2 @@
+minor_changes:
+ - "chroot connection plugin - add ``disable_root_check`` option (https://github.com/ansible-collections/community.general/pull/7099)."
diff --git a/plugins/connection/chroot.py b/plugins/connection/chroot.py
index 7903ab7046..810316aaa5 100644
--- a/plugins/connection/chroot.py
+++ b/plugins/connection/chroot.py
@@ -46,6 +46,19 @@ DOCUMENTATION = '''
 vars:
 - name: ansible_chroot_exe
 default: chroot
+ disable_root_check:
+ description:
+ - Do not check that the user is not root.
+ ini:
+ - section: chroot_connection
+ key: disable_root_check
+ env:
+ - name: ANSIBLE_CHROOT_DISABLE_ROOT_CHECK
+ vars:
+ - name: ansible_chroot_disable_root_check
+ default: false
+ type: bool
+ version_added: 7.3.0
 '''
 EXAMPLES = r"""
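Review bot: The `description` of `disable_root_check` in the DOCUMENTATION block reads as a double negative and does not say when skipping the check is appropriate. The guard it controls requires effective UID 0, so a line such as `- Do not require Ansible to run as root (effective UID 0) before connecting to the chroot.` would be clearer. A second description line should state that the configured `chroot_exe` must then be able to enter the chroot on its own; presumably the option is meant for a wrapper executable, but the text does not say. Because the option can also be set from an inventory variable and an environment variable, the docs should make clear that it removes a guard and grants no privilege by itself.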
@@ -102,11 +115,7 @@ class Connection(ConnectionBase):
 self.chroot = self._play_context.remote_addr
- if os.geteuid() != 0:
- raise AnsibleError("chroot connection requires running as root")
-
- # we're running as root on the local system so do some
- # trivial checks for ensuring 'host' is actually a chroot'able dir
+ # do some trivial checks for ensuring 'host' is actually a chroot'able dir
 if not os.path.isdir(self.chroot):
 raise AnsibleError("%s is not a directory" % self.chroot)
@@ -120,6 +129,11 @@ class Connection(ConnectionBase):
 def _connect(self):
 """ connect to the chroot """
+ if not self.get_option('disable_root_check') and os.geteuid() != 0:
+ raise AnsibleError(
+ "chroot connection requires running as root. "
+ "You can override this check with the `disable_root_check` option.")
+
 if os.path.isabs(self.get_option('chroot_exe')):
 self.chroot_cmd = self.get_option('chroot_exe')
 else:
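Review bot: With the euid check removed from `__init__`, the `os.path.isdir(self.chroot)` test now runs for unprivileged users before any root check, and `os.path.isdir` also returns False when the path cannot be stat'ed for lack of permission. A non-root run without `disable_root_check` can therefore fail with "%s is not a directory" rather than the root-required message, which is only raised later in `_connect`. The rewritten comment should say so, for example `# may run unprivileged: isdir() is also False when the path is not accessible; the root check happens in _connect()`. `__init__` starts and ends outside the hunk, so the remaining checks are not visible here.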
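Review bot: When `disable_root_check` is true the guard at the top of `_connect` is skipped silently, so a run that bypassed the root requirement leaves no trace in verbose output. A verbose message in that case would help when auditing why a non-root controller process reached the chroot executable, for example `display.vvv("chroot: root check disabled by option", host=self.chroot)` if the module has a `Display` instance (not visible in this hunk). A short comment on the guard should also explain why the check lives in `_connect` rather than `__init__`, presumably because plugin options are not loaded yet at construction time. `_connect` continues past the end of the hunk.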