All-Hands-AI
run sudo commands as root
devin user can't run sudo commands which prevent it from installing software like nodejs
rather than install the sudo binary and modifying visudo file, i thought we could just do this
alternatively we could just default the docker user as root?
This seems like it might be a little unreliable. E.g. the command could be echo 'y' | sudo apt-get install foo
There are also sometimes problems with running one command as sudo, then trying to use the result as a regular user. E.g. file ownership might be wrong.
Curious what others think--making devin a sudoer might be a more reliable way to do this. But you're right on the password requirement...
That's a good point. I think including sudo in the docker image is the way to go. Regarding passwords, there's a NOPASSWD config for visudo that we will can use
We can probably tweak the sandbox's dockerfile to make the devin user into the sudoer's group, then apply the NOPASSWD config? Not sure allowing devin user to have access to sudo will have any unintended consequences (e.g., devin creates root files in the mount directly where the outside human user cannot read).
Only issue with sudo is that the container uses the same userspace as the host system (IIUC), so that if there were a bug allowing devin to escape the container, he'd have root on the host system. But that would involve:
- A Docker bug allowing container escape (it happens!)
- An attacker getting OpenDevin to execute malicious code
Only issue with
sudois that the container uses the same userspace as the host system (IIUC), so that if there were a bug allowing devin to escape the container, he'd have root on the host system.
How about using user namespace with re-mapping? https://docs.docker.com/engine/security/userns-remap/
Looks promising!
Honestly I think near-term it's fine to run as sudo, if that improves quality. But we should have a long-term issue open to figure this out.
Sounds like we should abandon this one, and maybe turn off RUN_AS_DEVIN for everyone