From 6c77cc48d6e0c9e839ba230289308350047b3303 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Fri, 10 Sep 2021 14:48:45 +0200
Subject: [PATCH] Make --force-root parameter optionally visible again

While tools in this repo don't need it anymore, it still applies to
qvm-appmenus

QubesOS/qubes-issues#6888
---
 qubesadmin/tools/__init__.py | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/qubesadmin/tools/__init__.py b/qubesadmin/tools/__init__.py
index ade58ad3..0240e403 100644
--- a/qubesadmin/tools/__init__.py
+++ b/qubesadmin/tools/__init__.py
@@ -329,6 +329,9 @@ class QubesArgumentParser(argparse.ArgumentParser):
         * '*' consumes zero or more arguments (and produces a list)
         * '+' consumes one or more arguments (and produces a list)
 
+    :param show_forceroot: don't hide --force-root parameter, prevent running
+        as root unless it is given
+
     *kwargs* are passed to :py:class:`argparser.ArgumentParser`.
 
     Currenty supported options:
@@ -337,7 +340,7 @@ class QubesArgumentParser(argparse.ArgumentParser):
         ``--verbose`` and ``--quiet``
     '''
 
-    def __init__(self, vmname_nargs=None, **kwargs):
+    def __init__(self, vmname_nargs=None, show_forceroot=False, **kwargs):
 
         super().__init__(add_help=False, **kwargs)
 
@@ -349,8 +352,15 @@ def __init__(self, vmname_nargs=None, **kwargs):
         self.add_argument('--quiet', '-q', action='count',
                           help='decrease verbosity')
 
-        self.add_argument('--force-root', action='store_true',
-                          default=False, help=argparse.SUPPRESS)
+        if show_forceroot:
+            self.add_argument(
+                '--force-root', action='store_true',
+                default=False,
+                help="Force running the tool even if called as root")
+        else:
+            self.add_argument('--force-root', action='store_true',
+                              default=False, help=argparse.SUPPRESS)
+        self._complain_if_root = show_forceroot
 
         self.add_argument('--help', '-h', action=SubParsersHelpAction,
                           help='show this help message and exit')
@@ -372,6 +382,11 @@ def parse_args(self, *args, **kwargs):
         app = kwargs.pop('app', None)
         namespace = super().parse_args(*args, **kwargs)
 
+        if self._complain_if_root and \
+                os.getuid() == 0 and \
+                not namespace.force_root:
+            self.error('refusing to run as root; add --force-root to override')
+
         self.set_qubes_verbosity(namespace)
         if app is not None:
             namespace.app = app