Package: debci Version: 3.5.1 Severity: normal The sudoers file included in this package (/etc/sudoers.d/debci) allows the debci group to run /usr/bin/timeout without any password or restrictions; this effectively gives anyone in the debci group unrestricted access to root.
I would recommend replacing: %debci ALL = NOPASSWD:SETENV: /usr/bin/lxc-*, /usr/bin/timeout by the following: %debci ALL = NOPASSWD:SETENV: /usr/bin/lxc-*, /usr/bin/timeout ^[0-9]+ lxc-.*$ so that timeout can only be used to run lxc-* commands; this is all that is needed in autopkgtest-virt-lxc. Best wishes, Julian