If a secret path is a subset of a second secret path, there's a risk
that its secret is substituted for the matching part of the second
path. To prevent this, use the sha256 of the paths as placeholder
string instead.
GDM enables Wayland on supported platforms automatically (see ${gnome.gdm}/lib/udev/rules.d/61-gdm.rules), so we removed the `gdm.nvidiaWayland` option.
You will still need `hardware.nvidia.modesetting.enable = true;` with `nvidia` driver, though.
The test failed with
> Test "test5 user should not be able to run commands under root" failed with
> error: "invalid literal for int() with base 10: ''"
since 2492da88ea.
The reason for this is that `sudo(8)` writes the lecture to the
tty[1] and only as a fallback to stdout[2]. This means that the
`base64 --wrap 0` executed by `machine.execute()` doesn't affect the
text written to the terminal, however the lecture is part of the string
that's read from the VM via `shell.recv()`.
I confirmed the problem in an interactive test session[3]:
>>> command = "sudo -u test5 sudo -n -u root true"
>>> out_command = f"( set -euo pipefail; {command} ) | (base64 --wrap 0; echo)\n"
>>> machine.shell.send(out_command.encode())
84
>>> machine # [ 99.015512] sudo[877]: root : TTY=hvc0 ; PWD=/tmp ; USER=test5 ; COMMAND=/run/wrappers/bin/sudo -n -u root true
machine # [ 99.019373] sudo[877]: pam_unix(sudo:session): session opened for user test5(uid=1005) by (uid=0)
machine # [ 99.038692] sudo[879]: pam_unix(sudo:auth): conversation failed
machine # sudo: a password is required
machine # [ 99.041860] sudo[879]: pam_unix(sudo:auth): auth could not identify password for [test5]
machine # [ 99.046901] sudo[877]: pam_unix(sudo:session): session closed for user test5
>>>
>>> x=machine._next_newline_closed_block_from_shell()
>>> print(x)
<newline>
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
<newline>
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
<newline>
<newline>
<newline>
>>>
Since the lecture isn't strictly necessary to confirm that
`security.sudo` works as expected, I decided to disable lecturing
inside the test, however we may want to fix the underlying problem in
the test-driver at some point.
[1] https://github.com/sudo-project/sudo/blob/SUDO_1_9_9/plugins/sudoers/check.c#L275-L283
[2] https://github.com/sudo-project/sudo/blob/SUDO_1_9_9/src/conversation.c#L95-L120
[3] I replaced each empty line with `<newline>` to make sure these
aren't swallowed by git.