debian: preserve k8s env vars when entering pods

Currently "stx control enter" starts bash inside the container as the root user, then runs a child bash instance as user $MYUSER via sudo. This resets the environment for $MYUSER, removing any variables passed to the pod by k8s. Use "runuser" rather than "sudo" when starting bash inside the builder pod. Tests ===== - Verified nothing sensitive is inherited from the root account's environment to $MYUSER - Verified k8s-created env vars are passed to $MYUSER - Performed a full build Story: 2009897 Task: 44691 Signed-off-by: Davlet Panech <davlet.panech@windriver.com> Change-Id: Ib2fcf2b9ed5b644a0c512216c04682bf0d7188af
2022-03-04 16:24:12 -05:00
parent 4aca36cbbb
commit 01144d82d1
1 changed files with 1 additions and 1 deletions
--- a/stx/lib/stx/stx_control.py
+++ b/stx/lib/stx/stx_control.py
@@ -239,7 +239,7 @@ argument. eg: %s \n', container_list)
        if podname:
            if default_docker == 'builder':
                cmd = prefix_exec_cmd + podname
-                cmd = cmd + ' -- bash -l -c \'sudo -u ${MYUNAME} bash \
+                cmd = cmd + ' -- bash -l -c \'runuser -u ${MYUNAME} -- bash \
 --rcfile /home/$MYUNAME/userenv\''
            else:
                cmd = prefix_exec_cmd + podname + ' -- bash'