From: Daniel Gomez
Reply-To: da.gomez@kernel.org
To: Chuck Lever, kdevops@lists.linux.dev, Luis Chamberlain
Cc: Daniel Gomez
Date: Wed, 21 May 2025 09:41:16 +0200
Subject: Re: [PATCH] update_ssh_config_guestfs: fix incorrect task privilege

On 20/05/2025 15.21, Chuck Lever wrote:
> On 5/20/25 3:43 AM, Daniel Gomez wrote:
>> From: Daniel Gomez
>>
>> This task does not require elevated privileges, so become: true is
>> unnecessary and can be removed. Its use was also causing the task to run
>> as root (the default become_user [1]), which led to the following error:
>>
>> task path:
>> /home/cel/src/kdevops/buildbot-configs/playbooks/roles/
>> update_ssh_config_guestfs/tasks/main.yml:73
>> fatal: [localhost]: FAILED! => {
>> "changed": false,
>> "path": "/root/.ssh/config",
>> "state": "absent"
>> }
>>
>> MSG:
>>
>> file (/root/.ssh/config) is absent, cannot continue
>>
>> Ensure the task is only run when the conditions are appropriate, i.e.
>> when the file exists.
>>
>> [1]
>> https://docs.ansible.com/ansible/latest/playbook_guide/
>> playbooks_privilege_escalation.html#become-directives
>>
>> Fixes f301c9a ("guestfs: ensure right permissions for ssh config")
>>
>> Reported-by: Chuck Lever
>> Closes: https://lore.kernel.org/all/b2fb6337-f737-4ab9-94a5-f6d5d94db749@oracle.com/
>> Signed-off-by: Daniel Gomez
>> ---
>> playbooks/roles/update_ssh_config_guestfs/tasks/main.yml | 4 +---
>> 1 file changed, 1 insertion(+), 3 deletions(-)
>> >> diff --git a/playbooks/roles/update_ssh_config_guestfs/tasks/main.yml b/playbooks/roles/update_ssh_config_guestfs/tasks/main.yml >> index 6c6c49034d8a0313cda5fd5ca673093f1a8054cf..6606a6c6b0e9393d5d3b455d5d0c3851636e2c59 100644 >> --- a/playbooks/roles/update_ssh_config_guestfs/tasks/main.yml >> +++ b/playbooks/roles/update_ssh_config_guestfs/tasks/main.yml >> @@ -71,9 +71,7 @@ >> Include ~/.ssh/config_kdevops_* >> >> - name: Ensure ~/.ssh/config permissions >> - become: true >> - become_flags: 'su - -c' >> - become_method: ansible.builtin.sudo >> ansible.builtin.file: >> path: ~/.ssh/config >> mode: "0600" >> + when: ssh_config.stat.exists >> >> --- >> base-commit: 3eaf4e7dd4fedff773d7ca1882329109b133911f >> change-id: 20250520-fix-update_ssh_config_guestfs-10e989459fc4 >> >> Best regards, > > Reviewed-by: Chuck Lever > > or > > Tested-by: Chuck Lever > > Take your pick! b4 picked the best option: both. Applied, thanks!
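
Review bot: the added `when: ssh_config.stat.exists` on the "Ensure ~/.ssh/config permissions" task depends on an `ssh_config` result that is registered outside this hunk, so it is worth confirming that the stat is taken as the same unprivileged user and after the preceding task that writes the `Include ~/.ssh/config_kdevops_*` line. If the stat predates that write and the write can create the file, the condition stays false and `mode: "0600"` is skipped on a freshly created file, which then keeps whatever mode the umask gave it. Writing the condition as `ssh_config.stat.exists | default(false)` would also keep the task from failing if the stat task is ever skipped and `ssh_config.stat` is undefined.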