-
Notifications
You must be signed in to change notification settings - Fork 620
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Have sudo run the user's shell when calling config.sh from start-runner.sh #3768
base: main
Are you sure you want to change the base?
feat: Have sudo run the user's shell when calling config.sh from start-runner.sh #3768
Conversation
6d445f5
to
2c17cdb
Compare
I also don't see any negative side effects. However I want to run some tests. Can you share some details about your setup?
|
@bshelton229 please can you check my comment? Also not sure if there is really no impact. |
This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed if no further activity occurs. Thank you for your contributions. |
This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed if no further activity occurs. Thank you for your contributions. |
This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed if no further activity occurs. Thank you for your contributions. |
@bshelton229 would you have to check my comments? And share some details how to test? |
We ran into a really interesting issue where we want the
$PATH
from the$run_as
user's shell. Mostly things that are configured in the bash rc files, like~/.local/bin
, which aren't present in the base system path. I couldn't find a better way to do this. It appears the.path
file is written by theconfig.sh
script, and is then locked into place. I think that happens here - https://github.com/actions/runner/blob/72559572f64f40554d43cfa04e4128725dc2274b/src/Misc/layoutroot/env.sh#L37. We're currently running from AMIs built with this patch.The
-i
flag, according to sudo, willRun the shell specified by the target user's password database entry as a login shell. ...
. Because it enters the shell, it resets PWD back to the home folder of the user, hence setting the full path of theconfig.sh
script when calling it.I can't think of any negative consequences to this, but it's definitely likely to cause runners to have a different path than they do now.