From 01144d82d16701288b9ebb7e99eb7592c4ab6786 Mon Sep 17 00:00:00 2001
From: Davlet Panech
Date: Fri, 4 Mar 2022 16:24:12 -0500
Subject: [PATCH] debian: preserve k8s env vars when entering pods
Currently "stx control enter" starts bash inside the container as the root user, then runs a child bash instance as user $MYUSER via sudo. This resets the environment for $MYUSER, removing any variables passed to the pod by k8s.
Use "runuser" rather than "sudo" when starting bash inside the builder pod.
Tests
=====
- Verified nothing sensitive is inherited from the root account's environment to $MYUSER
- Verified k8s-created env vars are passed to $MYUSER
- Performed a full build
Story: 2009897
Task: 44691
Signed-off-by: Davlet Panech
Change-Id: Ib2fcf2b9ed5b644a0c512216c04682bf0d7188af
---
 stx/lib/stx/stx_control.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stx/lib/stx/stx_control.py b/stx/lib/stx/stx_control.py
index 8383a0166..21eae29bb 100644
--- a/stx/lib/stx/stx_control.py
+++ b/stx/lib/stx/stx_control.py
@@ -239,7 +239,7 @@ argument. eg: %s \n', container_list)
 if podname:
 if default_docker == 'builder':
 cmd = prefix_exec_cmd + podname
- cmd = cmd + ' -- bash -l -c \'sudo -u ${MYUNAME} bash \
+ cmd = cmd + ' -- bash -l -c \'runuser -u ${MYUNAME} -- bash \
 --rcfile /home/$MYUNAME/userenv\''
 else:
 cmd = prefix_exec_cmd + podname + ' -- bash'
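Review bot: The added `runuser -u ${MYUNAME} -- bash` line hands the user's shell the whole environment of the root login shell started by `bash -l`, not just the variables Kubernetes injected, and the code carries no comment saying this is intentional. The commit message records a one-time check that nothing sensitive was inherited, but anything later exported from root's profile scripts would then also be visible to the unprivileged shell. I would put a comment above the assignment, e.g. `# runuser keeps the pod environment (sudo reset it); keep secrets out of root's login profile`, so the trade-off is not lost in a later cleanup. As a style point, the expansion is unquoted and spelled two ways (`${MYUNAME}` and `$MYUNAME`); quoting it as `"${MYUNAME}"` would make an empty or unusual value fail more predictably. The enclosing function begins outside the hunk.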