Skip to content

Instantly share code, notes, and snippets.

@velzie
Last active November 24, 2024 17:55
Show Gist options
  • Save velzie/a5088c9ade6ec4d35435b9826b45d7a3 to your computer and use it in GitHub Desktop.
Save velzie/a5088c9ade6ec4d35435b9826b45d7a3 to your computer and use it in GitHub Desktop.
Re-Enable sudo from crosh on R117+ Chrome OS without recompiling

Short guide on how to bypass this:

image

If you haven't disabled rootfs verification, switch to vt-2 and run /usr/libexec/debugd/helpers/dev_features_rootfs_verification. Then reboot.

Inside crostini, download minioverride.c and compile it with gcc minioverride.c -o minioverride.so -shared (make sure gcc is installed)

In the files app, move minioverride.so into your downloads folder.

Switch to vt2, and in the root terminal, not crostini, run these commands

mkdir -p /usr/local/bin
mv /home/chronos/user/Downloads/minioverride.so /usr/local/bin/
chmod +x /usr/local/bin/minioverride.so
sed -i '1s/^/env LD_PRELOAD=\/usr\/local\/bin\/minioverride.so\n/' /etc/init/ui.conf 
reboot

After rebooting you should be able to use sudo inside crosh as you would normally before updating to 117. It will display the warning, but sudo should work regardless.

NOTE: When you update chrome os versions, this will stop working. You don't need to redo the whole thing, just run /usr/libexec/debugd/helpers/dev_features_rootfs_verification, reboot and run sed -i '1s/^/env LD_PRELOAD=\/usr\/local\/bin\/minioverride.so\n/' /etc/init/ui.conf and reboot again.

1/29 - added fix for landlock policy (fixes permission denied writing to disk) restart the entire process with the updated c code if you want to fix it

int minijail_no_new_privs(){
return 0;
}
int minijail_add_fs_restriction_rx(){
return 0;
}
int minijail_add_fs_restriction_advanced_rw(){
return 0;
}
int minijail_set_enable_profile_fs_restrictions(){
return 0;
}
int minijail_enable_default_fs_restrictions(){
return 0;
}
@Arfonium
Copy link

@DennisLfromGA
Copy link

@Arfonium,

That's the first step listed in the instructions above.

DennyL

@YeesterPlus
Copy link

you can also do chromebrew and uninstall crew-sudo!

@DennisLfromGA
Copy link

@YeesterPlus,

I think you mean you can also use chromebrew and install crew-sudo!
However with crew-sudo v1.1 you don't need chromebrew.

~DennyL

@DragonFire1024
Copy link

of you can't compile minioverride.so, you can just download it from here. Tested and works on my Dell Chromebook 5190.

@ianhill00
Copy link

1/29 - added fix for landlock policy (fixes permission denied writing to disk) restart the entire process with the updated c code if you want to fix

Thank you very much for this, I have been pulling my hair out (what's left) trying to get use to VT2.
If a future update stops this from working, is there a way to stop VT2 scrolling or pause when using certain commands.
Once again, thank you so much

@YeesterPlus
Copy link

no, no crew-sudo, it has issues, instead use this allower

@NipunEranda
Copy link

You are a lifesaver. Thank you so much!

@kxtzownsu
Copy link

of you can't compile minioverride.so, you can just download it from here. Tested and works on my Dell Chromebook 5190.

I don't think i've ever had minioverride.so on my download site, now I might add it just because 🤷‍♀️

@hattmall1
Copy link

of you can't compile minioverride.so, you can just download it from here. Tested and works on my Dell Chromebook 5190.

I don't think i've ever had minioverride.so on my download site, now I might add it just because 🤷‍♀️

Is this up? I can't find that file on the link?

@kxtzownsu
Copy link

kxtzownsu commented Oct 18, 2024 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment