jenkins ALL=  \
	NOPASSWD: /usr/sbin/debootstrap *, \
	/usr/bin/tee /chroots/*, \
	/usr/bin/tee -a /chroots/*, \
	/usr/bin/tee /etc/schroot/chroot.d/jenkins*, \
	/bin/chmod +x /chroots/*, \
	/usr/sbin/chroot /chroots/*, \
	/usr/sbin/chroot /media/*, \
	/bin/ls -la /media/*, \
	/bin/rm -rf --one-file-system /chroots/*, \
	/bin/rm -rf --one-file-system /schroots/*, \
	/bin/mv /chroots/* /schroots/*, \
	/bin/mv /schroots/* /schroots/*, \
	/bin/umount -l /chroots/*, \
	/bin/umount -l /media/*, \
	/bin/mount -o loop*, \
	/bin/mount --bind *, \
	/usr/bin/du *, \
	/bin/kill -9 *, \
	/usr/bin/file *, \
	/bin/dd if=/dev/zero of=/dev/jenkins*, \
	/usr/bin/qemu-system-x86_64 *, \
	/usr/bin/qemu-img *, \
	/sbin/lvcreate *, /sbin/lvremove *, \
	/bin/mkdir -p /media/*, \
	/usr/bin/guestmount *, \
	/bin/cp -r /media/*, \
	/bin/chown -R jenkins\:jenkins /var/lib/jenkins/jobs/*,\
	SETENV: NOPASSWD: /usr/sbin/pbuilder *, \
	/bin/rm /var/cache/pbuilder/base.tgz, \
	/bin/cp /var/cache/pbuilder/base.tgz /var/cache/pbuilder/base-reproducible.tgz, \
	/usr/bin/dcmd rm *.changes

# keep these environment variables
Defaults        env_keep += "http_proxy", env_reset