git-echo/linux_patch_api
Private
Public Access
1
0
Fork 0
Code Releases 32 Wiki Activity

fix: remove sudo from apt commands and RestrictSUIDSGID from service
All checks were successful
CI/CD Pipeline / Code Format (push) Successful in 2s
Details
CI/CD Pipeline / Clippy Lints (push) Successful in 1m17s
Details
CI/CD Pipeline / Unit Tests (push) Successful in 56s
Details
CI/CD Pipeline / Security Audit (push) Successful in 15s
Details
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Successful in 1m57s
Details
CI/CD Pipeline / Build Arch Package (push) Successful in 1m53s
Details
CI/CD Pipeline / Build Alpine Package (push) Successful in 3m17s
Details
CI/CD Pipeline / Build RPM Package (push) Successful in 3m36s
Details
CI/CD Pipeline / Build Debian Package (push) Successful in 2m11s
Details

Browse Source 
- Remove sudo from apt command execution (service runs as root)
- Remove RestrictSUIDSGID from systemd service (blocks setuid for apt/dpkg)
- Remove NoNewPrivileges from systemd service (blocks sudo PERM_SUDOERS)
- Bump version to 0.3.2
This commit is contained in:
Echo
2026-05-03 02:24:52 +00:00
parent 2b35a143da
commit 9e42f32270
6 changed files with 16 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/packages/mod.rs
View File

@ -98,18 +98,9 @@ impl AptBackend {
/// Run apt command and capture output
fn run_apt(&self, args: &[&str]) -> Result<String> {
// Use sudo for operations that modify packages (install, upgrade, remove, purge)
let needs_sudo = args.first().is_some_and(|&cmd| {
matches!(
cmd,
"install" | "upgrade" | "remove" | "purge" | "dist-upgrade" | "autoremove"
)
});
let (program, cmd_args): (&str, Vec<&str>) = if needs_sudo {
("sudo", ["apt"].iter().chain(args.iter()).copied().collect())
} else {
("apt", args.to_vec())
};
// Service runs as root - no sudo needed for apt commands
let program = "apt";
let cmd_args: Vec<&str> = args.to_vec();
let output = Command::new(program)
.args(&cmd_args)