Bugzilla – Bug 1212949
sshuttle.service: sshuttle: sudo: The "no new privileges" flag is set, which prevents sudo from running as root.
Last modified: 2023-07-07 19:05:29 UTC
sshuttle cannot run as a service using "systemctl start sshuttle":
sshuttle[27072]: sudo: The "no new privileges" flag is set, which prevents sudo from running as root.
This might be due to the hardenings from #1181400, since most of the Private*=True and Protect*=True settings also imply NoNewPrivileges=yes. A plain "sudo -u sshuttle sshuttle -r root@sever.com 10.1.2.3/16" does work.
Setting the following makes sshuttle work again:
[Service]
PrivateDevices=false
ProtectClock=false
ProtectHostname=false
ProtectKernelTunables=false
ProtectKernelModules=false
ProtectKernelLogs=false
RestrictRealtime=false
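A way to check a unit for this condition before deploying it, as an added example that is not part of the original bug report or of the sshuttle package. The directive set is limited to the seven named in the report (systemd.exec(5) documents further settings with the same effect); the sample unit, its `User=sshuttle` line and the function names are constructed for illustration.

```python
"""Flag hardening directives that implicitly enable NoNewPrivileges."""

# Directives the bug report had to switch off to get sudo working again.
IMPLIES_NNP = {
    "PrivateDevices", "ProtectClock", "ProtectHostname",
    "ProtectKernelTunables", "ProtectKernelModules",
    "ProtectKernelLogs", "RestrictRealtime",
}
TRUE_VALUES = {"1", "yes", "true", "on"}  # systemd boolean spellings

# Constructed sample unit (assumption: the service runs as User=sshuttle).
SAMPLE_UNIT = """\
[Unit]
Description=sshuttle (constructed sample)
[Service]
User=sshuttle
PrivateDevices=true
ProtectClock=true
ProtectHostname=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
RestrictRealtime=true
"""
# Drop-in with the workaround from the report; parsed after the main unit.
DROP_IN = "[Service]\n" + "".join(f"{k}=false\n" for k in sorted(IMPLIES_NNP))

def service_settings(unit_text):
    """Return the last-assigned value of every key in [Service]."""
    settings, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def implied_nnp(unit_text):
    """List enabled directives that imply NoNewPrivileges for this unit."""
    s = service_settings(unit_text)
    # Per systemd.exec(5) the implication applies to services that do not
    # run as root (e.g. with User= set); root-run units are not flagged.
    if s.get("User", "root") in ("", "0", "root"):
        return []
    return sorted(k for k in IMPLIES_NNP if s.get(k, "").lower() in TRUE_VALUES)
```

Concatenating the unit text with a drop-in models systemd's rule that a later assignment of these boolean settings overrides the earlier one.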
I hate these implied settings. I'll have a look
It's too bad that NNP can't be force disabled. I removed these settings and submitted
This is an autogenerated message for OBS integration:
This bug (1212949) was mentioned in
https://build.opensuse.org/request/show/1096699 Backports:SLE-15-SP4 / sshuttle
https://build.opensuse.org/request/show/1096700 Backports:SLE-15-SP5 / sshuttle
openSUSE-RU-2023:0168-1: An update that has one recommended fix can now be installed.
Category: recommended (moderate)
Bug References: 1212949
CVE References:
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP4 (src): sshuttle-1.1.0-bp154.2.3.1
openSUSE-RU-2023:0170-1: An update that has one recommended fix can now be installed.
Category: recommended (moderate)
Bug References: 1212949
CVE References:
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP5 (src): sshuttle-1.1.1-bp155.2.3.1