From 44bd310fb751e9222d67bd5636a0ff3a28f810c1 Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Fri, 3 Apr 2026 17:18:22 +0100 Subject: [PATCH] sdk_entry.sh: Fix writing to /dev/stdout and /dev/stderr Entering the SDK via `su` breaks stdout/stderr permissions because the underlying /dev/pts/N device is still owned by root. `sudo` doesn't have this problem. Neither does `runuser`, which might be preferable, but the SDK doesn't have that. This was previously `sudo su`, so changing this to `sudo sudo` might seem logical, but I think the original `sudo` was only there to prevent `su` from asking for a password. That shouldn't happen with a single `sudo` call. Signed-off-by: James Le Cuirot --- sdk_lib/sdk_entry.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sdk_lib/sdk_entry.sh b/sdk_lib/sdk_entry.sh index 262de3751b..e5dc4ede5a 100755 --- a/sdk_lib/sdk_entry.sh +++ b/sdk_lib/sdk_entry.sh @@ -126,16 +126,16 @@ grep -q 'export SYSEXT_SIGNING_KEY_DIR' /home/sdk/.bashrc || { } # This is ugly. -# We need to sudo su - sdk -c so the SDK user gets a fresh login. +# We need to sudo -u sdk -i so the SDK user gets a fresh login. # 'sdk' is member of multiple groups, and plain docker USER only # allows specifying membership of a single group. # When a command is passed to the container, we run, respectively: -# sudo su - sdk -c "". +# sudo -u sdk "". # Then, we need to preserve whitespaces in arguments of commands # passed to the container, e.g. # ./update_chroot --toolchain_boards="amd64-usr arm64-usr". # This is done via a separate ".cmd" file since we have used up -# our quotes for su -c "" already. +# our quotes for sudo "" already. if [ $# -gt 0 ] ; then cmd="/home/sdk/.cmd" echo -n "exec bash -l -i -c '" >"$cmd" @@ -144,10 +144,10 @@ if [ $# -gt 0 ] ; then done echo "'" >>"$cmd" chmod 755 "$cmd" - sudo su sdk -c "$cmd" + sudo -u sdk "$cmd" rc=$? rm -f "$cmd" exit $rc else - exec sudo su -l sdk + exec sudo -u sdk -i fi