From fb40bff6106ff796bc5eb8127f0a0712aa68a56a Mon Sep 17 00:00:00 2001
From: David Schneider <dnschneid@chromium.org>
Date: Thu, 6 Dec 2018 16:37:20 -0800
Subject: [PATCH] Use sudo instead of su.

Fixes #3860
---
 host-bin/crash_reporter_wrapper |  3 ++-
 host-bin/enter-chroot           | 10 +++++-----
 host-bin/unmount-chroot         |  4 ++--
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/host-bin/crash_reporter_wrapper b/host-bin/crash_reporter_wrapper
index c977a0d61..de7b13376 100755
--- a/host-bin/crash_reporter_wrapper
+++ b/host-bin/crash_reporter_wrapper
@@ -230,4 +230,5 @@ else
 fi
 
 # Run the generated command within the appropriate chroot
-exec chroot "$root" su -s '/bin/sh' -c "$cmd" - "$username"
+export SHELL=/bin/sh
+exec chroot "$root" sudo -s -u "$username" "$cmd"
diff --git a/host-bin/enter-chroot b/host-bin/enter-chroot
index a630b374f..e1957af1c 100755
--- a/host-bin/enter-chroot
+++ b/host-bin/enter-chroot
@@ -29,7 +29,7 @@ Options:
     -b          Fork and run the specified command silently in the background.
     -c CHROOTS  Directory the chroots are in. Default: $CHROOTS
     -l          Make the command part of a login. Parameters are passed directly
-                to the chroot command, and a call to su is appended.
+                to the chroot command, and a call to sudo is appended.
     -k KEYFILE  Override the auto-detected encryption key location.
     -n NAME     Name of the chroot to enter. Default: first one found in CHROOTS
     -t TARGET   Only enter the chroot if it contains the specified TARGET.
@@ -47,7 +47,7 @@ chrootcmd() {
     # env may be overridden when running in the background; don't let it fork.
     local ret=0 oldtrap="$TRAP"
     TRAP=''
-    env -i chroot "$CHROOT" su -s '/bin/sh' -c "$*" - root || ret=$?
+    env -i SHELL=/bin/sh chroot "$CHROOT" sudo -u root -s "$*" || ret=$?
     local pid="$!"
     # $pid might not be set if env has not been redefined yet
     if [ -n "$BACKGROUND" ] && [ -n "$pid" ]; then
@@ -729,7 +729,7 @@ else
     fi
 
     if [ $# = 0 -o -n "$LOGIN" ]; then
-        env -i TERM="$TERM" chroot "$CHROOT" "$@" su - "$USERNAME" || ret=$?
+        env -i TERM="$TERM" chroot "$CHROOT" "$@" sudo -i -u "$USERNAME" || ret=$?
     else
         # Escape out the command
         cmd="export SHELL='$CHROOTSHELL';"
@@ -739,8 +739,8 @@ else
         for param in "$@"; do
             cmd="$cmd'`echo -n "$param" | sed "s/'/'\\\\\\''/g"`' "
         done
-        env -i TERM="$TERM" chroot "$CHROOT" \
-            su -s '/bin/sh' -c "$cmd" - "$USERNAME" \
+        env -i TERM="$TERM" SHELL=/bin/sh chroot "$CHROOT" \
+            sudo -s -u "$USERNAME" "$cmd" \
             || ret=$?
     fi
 fi
diff --git a/host-bin/unmount-chroot b/host-bin/unmount-chroot
index 617569dbc..f5d482b0a 100755
--- a/host-bin/unmount-chroot
+++ b/host-bin/unmount-chroot
@@ -191,7 +191,7 @@ unmount() {
     fi
 
     # Kill the chroot's system dbus if one is running; failure is fine
-    env -i chroot "$CHROOT" su -s '/bin/sh' -c '
+    env -i SHELL=/bin/sh chroot "$CHROOT" sudo -s -u root '
         pidfile="/var/run/dbus/pid"
         if [ ! -f "$pidfile" ]; then
             exit 0
@@ -200,7 +200,7 @@ unmount() {
         if ! grep -q "^dbus-daemon" "/proc/$pid/cmdline" 2>/dev/null; then
             exit 0
         fi
-        kill $pid' - root 2>/dev/null || true
+        kill $pid' 2>/dev/null || true
 
     # Unmount all mounts
     ntries=0