toolbox scripts - sudo doesn't work inside toolbox container
Affected version
- OS: Debian GNU/Linux 12 (bookworm)
- GNOME Shell version: latest git main branch
- Does this issue appear in XOrg and/or Wayland: not applicable
- Does this issue happen without extensions: not applicable
Bug summary
When trying to build/install gnome-shell from the provided toolbox scripts, I am not able to use sudo inside the container.
Trying to run sudo in the toolbox container always results in:
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
which causes the build scripts (including the update-mutter script in the container) to fail at the installation step. However, sudo works if it is invoked through podman exec.
I am new to containers, so I am not sure if this is a toolbox bug or a configuration issue with the image.
Steps to reproduce
- Run any tools/toolbox/ script which uses sudo in the container (e.g. meson-build.sh)
What happened
Fails with the above mentioned error
What did you expect to happen
sudo should execute successfully
Relevant logs, screenshots, screencasts etc.
Example run of meson-build.sh demonstrating failure:
maroon@pinecone:~/projects/public/gnome-shell/tools/toolbox> bash meson-build.sh
Directory already configured.
Just run your build command (e.g. ninja) and Meson will regenerate as necessary.
Run "meson setup --reconfigure to force Meson to regenerate.
If build failures persist, run "meson setup --wipe" to rebuild from scratch
using the same options as passed when configuring the build.
INFO: autodetecting backend as ninja
INFO: calculating backend command to run: /usr/bin/ninja -C /home/maroon/projects/public/gnome-shell/build-gnome-shell-devel
ninja: Entering directory `/home/maroon/projects/public/gnome-shell/build-gnome-shell-devel'
[0/1] Regenerating build files.
The Meson build system
Version: 1.3.2
Source dir: /home/maroon/projects/public/gnome-shell
Build dir: /home/maroon/projects/public/gnome-shell/build-gnome-shell-devel
Build type: native build
Project name: gnome-shell
Project version: 46.1
C compiler for the host machine: cc (gcc 14.0.1 "cc (GCC) 14.0.1 20240217 (Red Hat 14.0.1-0)")
C linker for the host machine: cc ld.bfd 2.41-34
Host machine cpu family: x86_64
Host machine cpu: x86_64
Dependency gnome-keybindings found: YES 46.beta.2 (cached)
Dependency atk-bridge-2.0 found: YES 2.51.90 (cached)
Dependency libecal-2.0 found: YES 3.51.2 (cached)
Dependency libedataserver-1.2 found: YES 3.51.2 (cached)
Dependency gcr-4 found: YES 4.2.0 (cached)
Dependency gdk-x11-3.0 found: YES 3.24.41 (cached)
Dependency gdk-pixbuf-2.0 found: YES 2.42.10 (cached)
Dependency gobject-introspection-1.0 found: YES 1.79.1 (cached)
Dependency gio-2.0 found: YES 2.79.1 (cached)
Dependency gio-unix-2.0 found: YES 2.79.1 (cached)
Dependency gjs-1.0 found: YES 1.79.3 (cached)
Dependency gtk4 found: YES 4.13.7 (cached)
Dependency libxml-2.0 found: YES 2.12.5 (cached)
Dependency mutter-clutter-14 found: YES 46.1 (cached)
Dependency mutter-mtk-14 found: YES 46.1 (cached)
Dependency mutter-cogl-14 found: YES 46.1 (cached)
Dependency mutter-cogl-pango-14 found: YES 46.1 (cached)
Dependency libmutter-14 found: YES 46.1 (cached)
Dependency polkit-agent-1 found: YES 124 (cached)
Dependency libstartup-notification-1.0 found: YES 0.12 (cached)
Dependency ibus-1.0 found: YES 1.5.30-beta1 (cached)
Dependency x11 found: YES 1.8.7 (cached)
Dependency gsettings-desktop-schemas found: YES 46.beta (cached)
Dependency gnome-desktop-4 found: YES 44.0 (cached)
Dependency libnm found: YES 1.45.9 (cached)
Dependency libsecret-1 found: YES 0.21.3 (cached)
Dependency libpipewire-0.3 found: YES 1.0.3 (cached)
Dependency libsystemd found: YES 255 (cached)
Dependency systemd found: YES 255 (cached)
Program a2x found: YES (/usr/bin/a2x)
Program python3 found: YES (/usr/bin/python3)
Program gjs found: YES (/usr/bin/gjs)
Library m found: YES
Checking for function "g_desktop_app_info_launch_uris_as_manager_with_fds" with dependency gio-2.0: YES (cached)
Checking for function "fdwalk" : NO (cached)
Checking for function "mallinfo" : YES (cached)
Checking for function "mallinfo2" : YES (cached)
Has header "sys/resource.h" : YES (cached)
Has header "elf.h" : YES (cached)
Has header "link.h" : YES (cached)
Header "langinfo.h" has symbol "_NL_TIME_FIRST_WEEKDAY" : YES (cached)
Checking for function "fdwalk" : NO (cached)
Compiler for C supports arguments -fno-omit-frame-pointer: YES (cached)
Compiler for C supports arguments -mno-omit-leaf-frame-pointer: YES (cached)
Compiler for C supports arguments -fno-strict-aliasing: YES (cached)
Compiler for C supports arguments -Wpointer-arith: YES (cached)
Compiler for C supports arguments -Wmissing-declarations: YES (cached)
Compiler for C supports arguments -Wimplicit-function-declaration: YES (cached)
Compiler for C supports arguments -Wformat=2: YES (cached)
Compiler for C supports arguments -Wformat-nonliteral: YES (cached)
Compiler for C supports arguments -Wformat-security: YES (cached)
Compiler for C supports arguments -Wstrict-prototypes: YES (cached)
Compiler for C supports arguments -Wmissing-prototypes: YES (cached)
Compiler for C supports arguments -Wnested-externs: YES (cached)
Compiler for C supports arguments -Wold-style-definition: YES (cached)
Compiler for C supports arguments -Wundef: YES (cached)
Compiler for C supports arguments -Wunused: YES (cached)
Compiler for C supports arguments -Wcast-align: YES (cached)
Compiler for C supports arguments -Wmissing-noreturn: YES (cached)
Compiler for C supports arguments -Wmissing-format-attribute: YES (cached)
Compiler for C supports arguments -Wmissing-include-dirs: YES (cached)
Compiler for C supports arguments -Wlogical-op: YES (cached)
Compiler for C supports arguments -Wignored-qualifiers: YES (cached)
Compiler for C supports arguments -Werror=redundant-decls: YES (cached)
Compiler for C supports arguments -Werror=implicit: YES (cached)
Compiler for C supports arguments -Werror=nonnull: YES (cached)
Compiler for C supports arguments -Werror=init-self: YES (cached)
Compiler for C supports arguments -Werror=main: YES (cached)
Compiler for C supports arguments -Werror=missing-braces: YES (cached)
Compiler for C supports arguments -Werror=sequence-point: YES (cached)
Compiler for C supports arguments -Werror=return-type: YES (cached)
Compiler for C supports arguments -Werror=trigraphs: YES (cached)
Compiler for C supports arguments -Werror=array-bounds: YES (cached)
Compiler for C supports arguments -Werror=write-strings: YES (cached)
Compiler for C supports arguments -Werror=address: YES (cached)
Compiler for C supports arguments -Werror=int-to-pointer-cast: YES (cached)
Compiler for C supports arguments -Werror=pointer-to-int-cast: YES (cached)
Compiler for C supports arguments -Werror=empty-body: YES (cached)
Compiler for C supports arguments -Werror=write-strings: YES (cached)
Compiler for C supports arguments -DG_ENABLE_DEBUG: YES (cached)
Configuring config.h using configuration
Executing subproject gvc
gvc| Project name: gvc
gvc| Project version: undefined
gvc| C compiler for the host machine: cc (gcc 14.0.1 "cc (GCC) 14.0.1 20240217 (Red Hat 14.0.1-0)")
gvc| C linker for the host machine: cc ld.bfd 2.41-34
gvc| Dependency glib-2.0 found: YES 2.79.1 (cached)
gvc| Program /usr/bin/glib-mkenums found: YES (/usr/bin/glib-mkenums)
gvc| Dependency glib-2.0 found: YES 2.79.1 (cached)
gvc| Program /usr/bin/glib-mkenums found: YES (/usr/bin/glib-mkenums)
gvc| Dependency gio-2.0 found: YES 2.79.1 (cached)
gvc| Dependency gobject-2.0 found: YES 2.79.1 (cached)
gvc| Dependency libpulse found: YES 16.1 (cached)
gvc| Dependency libpulse-mainloop-glib found: YES 16.1 (cached)
gvc| Dependency gobject-introspection-1.0 found: YES 1.79.1 (cached)
gvc| Dependency gobject-introspection-1.0 found: YES 1.79.1 (cached)
gvc| Program /usr/bin/g-ir-scanner found: YES (/usr/bin/g-ir-scanner)
gvc| Dependency gobject-introspection-1.0 found: YES 1.79.1 (cached)
gvc| Program /usr/bin/g-ir-compiler found: YES (/usr/bin/g-ir-compiler)
gvc| Found pkg-config: YES (/usr/bin/pkg-config) 2.1.0
gvc| Configuring config.h using configuration
gvc| Build targets in project: 6
gvc| Subproject gvc finished.
Executing subproject shew
shew| Project name: shew
shew| Project version: 46.1
shew| C compiler for the host machine: cc (gcc 14.0.1 "cc (GCC) 14.0.1 20240217 (Red Hat 14.0.1-0)")
shew| C linker for the host machine: cc ld.bfd 2.41-34
shew| Dependency gtk4 found: YES 4.13.7 (cached)
shew| Dependency x11 found: YES 1.8.7 (cached)
shew| Build targets in project: 9
shew| Subproject shew finished.
Executing subproject extensions-tool
extensions-tool| Project name: gnome-extensions-tool
extensions-tool| Project version: 46.1
extensions-tool| C compiler for the host machine: cc (gcc 14.0.1 "cc (GCC) 14.0.1 20240217 (Red Hat 14.0.1-0)")
extensions-tool| C linker for the host machine: cc ld.bfd 2.41-34
extensions-tool| Dependency gio-2.0 found: YES 2.79.1 (cached)
extensions-tool| Dependency gio-unix-2.0 found: YES 2.79.1 (cached)
extensions-tool| Dependency gnome-autoar-0 found: YES 0.4.4 (cached)
extensions-tool| Dependency json-glib-1.0 found: YES 1.8.0 (cached)
extensions-tool| Dependency bash-completion found: YES 2.11 (cached)
extensions-tool| Checking for function "bind_textdomain_codeset" : YES (cached)
extensions-tool| Configuring config.h using configuration
extensions-tool| Program msgfmt found: YES (/usr/bin/msgfmt)
extensions-tool| Dependency gio-2.0 found: YES 2.79.1 (cached)
extensions-tool| Program /usr/bin/glib-compile-resources found: YES (/usr/bin/glib-compile-resources)
extensions-tool| Program a2x found: YES (/usr/bin/a2x)
extensions-tool| Build targets in project: 16
extensions-tool| Subproject extensions-tool finished.
Executing subproject extensions-app
extensions-app| Project name: gnome-extensions-app
extensions-app| Project version: 46.1
extensions-app| Program gjs found: YES (/usr/bin/gjs)
extensions-app| Program appstream-util found: NO
extensions-app| Program appstreamcli found: YES (/usr/bin/appstreamcli)
extensions-app| Program desktop-file-validate found: YES (/usr/bin/desktop-file-validate)
extensions-app| Configuring org.gnome.Extensions.metainfo.xml.in using configuration
extensions-app| Configuring org.gnome.Extensions.data.gresource.xml using configuration
extensions-app| Dependency gio-2.0 found: YES 2.79.1 (cached)
extensions-app| Program /usr/bin/glib-compile-resources found: YES (/usr/bin/glib-compile-resources)
extensions-app| Configuring org.gnome.Extensions.desktop.in using configuration
extensions-app| Configuring org.gnome.Extensions.service using configuration
extensions-app| Configuring gnome-extensions-app using configuration
extensions-app| Configuring org.gnome.Extensions using configuration
extensions-app| Configuring config.js using configuration
extensions-app| Configuring org.gnome.Extensions.src.gresource.xml using configuration
extensions-app| Dependency gio-2.0 found: YES 2.79.1 (cached)
extensions-app| Program /usr/bin/glib-compile-resources found: YES (/usr/bin/glib-compile-resources)
extensions-app| Build targets in project: 20
extensions-app| Subproject extensions-app finished.
Configuring config.js using configuration
Configuring org.gnome.Shell.Extensions using configuration
Configuring org.gnome.Shell.Extensions.service using configuration
Dependency gio-2.0 found: YES 2.79.1 (cached)
Program /usr/bin/glib-compile-resources found: YES (/usr/bin/glib-compile-resources)
Configuring org.gnome.Shell.Notifications using configuration
Configuring org.gnome.Shell.Notifications.service using configuration
Dependency gio-2.0 found: YES 2.79.1 (cached)
Program /usr/bin/glib-compile-resources found: YES (/usr/bin/glib-compile-resources)
Configuring org.gnome.Shell.Screencast using configuration
Configuring org.gnome.Shell.Screencast.service using configuration
Dependency gio-2.0 found: YES 2.79.1 (cached)
Program /usr/bin/glib-compile-resources found: YES (/usr/bin/glib-compile-resources)
Configuring org.gnome.ScreenSaver using configuration
Configuring org.gnome.ScreenSaver.service using configuration
Dependency gio-2.0 found: YES 2.79.1 (cached)
Program /usr/bin/glib-compile-resources found: YES (/usr/bin/glib-compile-resources)
Dependency gio-2.0 found: YES 2.79.1 (cached)
Program /usr/bin/glib-compile-resources found: YES (/usr/bin/glib-compile-resources)
Dependency gio-2.0 found: YES 2.79.1 (cached)
Program /usr/bin/glib-compile-resources found: YES (/usr/bin/glib-compile-resources)
Configuring org.gnome.Shell.CalendarServer.service using configuration
Configuring org.gnome.Shell.HotplugSniffer.service using configuration
Configuring st.h using configuration
Dependency glib-2.0 found: YES 2.79.1 (cached)
Program /usr/bin/glib-mkenums found: YES (/usr/bin/glib-mkenums)
Dependency glib-2.0 found: YES 2.79.1 (cached)
Program /usr/bin/glib-mkenums found: YES (/usr/bin/glib-mkenums)
Program /home/maroon/projects/public/gnome-shell/src/data-to-c.pl found: YES (/home/maroon/projects/public/gnome-shell/src/data-to-c.pl)
Dependency libmutter-test-14 found: YES 46.1 (cached)
Configuring gnome-shell-test-tool using configuration
Configuring gnome-shell-extension-tool using configuration
Dependency glib-2.0 found: YES 2.79.1 (cached)
Program /usr/bin/glib-mkenums found: YES (/usr/bin/glib-mkenums)
Dependency glib-2.0 found: YES 2.79.1 (cached)
Program /usr/bin/glib-mkenums found: YES (/usr/bin/glib-mkenums)
Dependency gio-2.0 found: YES 2.79.1 (cached)
Program /usr/bin/gdbus-codegen found: YES (/usr/bin/gdbus-codegen)
Dependency gio-2.0 found: YES 2.79.1 (cached)
Program /usr/bin/gdbus-codegen found: YES (/usr/bin/gdbus-codegen)
Program msginit found: YES (/usr/bin/msginit)
Program msgmerge found: YES (/usr/bin/msgmerge)
Program xgettext found: YES (/usr/bin/xgettext)
Configuring org.gnome.Shell.desktop.in using configuration
Configuring org.gnome.Shell.Extensions.desktop.in using configuration
Configuring org.gnome.Shell.PortalHelper.desktop.in using configuration
Configuring org.gnome.Shell.PortalHelper.service using configuration
Program sassc found: YES (/usr/bin/sassc)
Program sassc found: YES (/usr/bin/sassc)
Program sassc found: YES (/usr/bin/sassc)
Dependency gio-2.0 found: YES 2.79.1 (cached)
Program /usr/bin/glib-compile-resources found: YES (/usr/bin/glib-compile-resources)
Dependency gio-2.0 found: YES 2.79.1 (cached)
Program /usr/bin/glib-compile-resources found: YES (/usr/bin/glib-compile-resources)
Dependency gio-2.0 found: YES 2.79.1 (cached)
Program /usr/bin/glib-compile-resources found: YES (/usr/bin/glib-compile-resources)
Dependency gio-2.0 found: YES 2.79.1 (cached)
Program /usr/bin/glib-compile-resources found: YES (/usr/bin/glib-compile-resources)
Configuring perf-background.xml using configuration
Configuring org.gnome.shell.gschema.xml using configuration
Configuring org.gnome.Shell@x11.service using configuration
Configuring org.gnome.Shell@wayland.service using configuration
Program glib-compile-schemas found: YES (/usr/bin/glib-compile-schemas)
Configuring run-test.sh using configuration
Configuring gnome-shell-dbus-runner.py using configuration
Dependency gio-2.0 found: YES 2.79.1 (cached)
Program /usr/bin/glib-compile-schemas found: YES (/usr/bin/glib-compile-schemas)
Program gtk4-update-icon-cache found: YES (/usr/bin/gtk4-update-icon-cache)
Build targets in project: 154
gnome-shell 46.1
Directories
prefix : /usr
bindir : bin
libdir : lib64
libexecdir : libexec
datadir : share
sysconfdir : /etc
mandir : share/man
Build Configuration
buildtype : debug
debug : true
Build Options
camera_monitor : true
networkmanager : true
systemd : true
extensions_app : true
extensions_tool: true
man : true
gtk_doc : false
Subprojects
extensions-app : YES
extensions-tool: YES
gvc : YES
shew : YES
User defined options
prefix : /usr
Found ninja-1.11.1 at /usr/bin/ninja
Cleaning... 0 files.
[94/94] Generating src/Shell-14.typelib with a custom command
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
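
The sudo error above names a 'nosuid' mount as one possible cause. The following is an added example, not part of the original report or of the gnome-shell toolbox scripts: a shell check that finds which mount holds a binary and whether it carries nosuid, plus the setuid bit and owner that sudo needs. The function names and the sample mountinfo lines are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added diagnostic sketch. Function names are hypothetical.

# Constructed sample in /proc/self/mountinfo format (not the reporter's system).
sample_mountinfo() {
    cat <<'EOF'
22 1 0:20 / / rw,relatime - overlay overlay rw
31 22 0:27 / /usr rw,nosuid,nodev,relatime - ext4 /dev/sda2 rw
40 22 0:30 / /usr/local rw,relatime - ext4 /dev/sda3 rw
EOF
}

# Read mountinfo lines on stdin and print the per-mount options (field 6)
# of the deepest mount point (field 5) that contains path $1.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $5
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # ">=" lets a later mount on the same point override an earlier one
                if (length(mp) >= best) { best = length(mp); opts = $6 }
            }
        }
        END { print opts }'
}

# Succeed if the mount holding $1 has the nosuid flag (mountinfo on stdin).
has_nosuid() {
    case ",$(mount_opts_for "$1")," in
        *,nosuid,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per condition that stops a setuid-root binary from gaining
# euid 0: missing setuid bit, owner other than uid 0, or a nosuid mount.
check_suid_path() {
    [ -u "$1" ] || echo "setuid bit not set on $1"
    [ "$(stat -c %u "$1" 2>/dev/null)" = 0 ] || echo "$1 is not owned by uid 0 in this namespace"
    if has_nosuid "$1"; then echo "mount holding $1 is nosuid"; fi
    return 0
}

# Demo on the constructed sample.
echo "options for /usr/bin/sudo: $(sample_mountinfo | mount_opts_for /usr/bin/sudo)"
# Inside the container, against the real mount table:
#   check_suid_path /usr/bin/sudo < /proc/self/mountinfo
```

Running `check_suid_path` once from the toolbox session and once through podman exec shows whether the two entry points see the same mount flags and file ownership for /usr/bin/sudo.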