Merge pull request #154 from jschpp/fix_nix_polkit

Fixed ci tests for run0
ifd3f · Nov 27, 2024 · cd50799 · cd50799
2 parents a2a9dc0 + ed40d17
commit cd50799
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 3 deletions.
diff --git a/checks/autoescalate/default.nix b/checks/autoescalate/default.nix
@@ -23,6 +23,8 @@ nixosTest {
         else if escalationTool == "run0" then {
           security.sudo.enable = mkForce false;
 
+          security.polkit.enable = true;
+
           # see https://warlord0blog.wordpress.com/2024/07/30/passwordless-run0/
           security.polkit.extraConfig = ''
             polkit.addRule(function(action, subject) {

diff --git a/checks/default.nix b/checks/default.nix
@@ -18,8 +18,8 @@ in with lib;
       pkgs.callPackage ./autoescalate { escalationTool = "doas"; };
     autoescalate-sudo =
       pkgs.callPackage ./autoescalate { escalationTool = "sudo"; };
-    # autoescalate-run0 =
-    #   pkgs.callPackage ./autoescalate { escalationTool = "run0"; };
+     autoescalate-run0 =
+       pkgs.callPackage ./autoescalate { escalationTool = "run0"; };
   } //
 
   # blocksize alignment tests

diff --git a/src/escalation/unix.rs b/src/escalation/unix.rs
@@ -27,7 +27,9 @@ pub struct Command<'a> {
 }
 
 impl EscalationMethod {
-    const ALL: [EscalationMethod; 4] = [Self::Sudo, Self::Doas, Self::Su, Self::Run0];
+    // Order is relevant here. Since this array is enumerated in `EscalationMethod::detect()`
+    // The first esalation found tool will be used
+    const ALL: [EscalationMethod; 4] = [Self::Sudo, Self::Doas, Self::Run0, Self::Su];
 
     pub fn detect() -> Result<Self, Error> {
         for m in Self::ALL {