- instead of throwing an error, just print a warning
- can now run as root without cap_sys_admin
- can now run without mount installed
- --skip=check/canmount is not needed anymore
# It's possible to be root but not be able to mount anything.
# It's possible to be root but not be able to mount anything.
# This is for example the case when running under docker.
# This is for example the case when running under docker.
# Mounting needs CAP_SYS_ADMIN which might not be available.
# Mounting needs CAP_SYS_ADMIN which might not be available.
@ -4671,11 +4668,10 @@ sub main() {
0 == syscall &SYS_capget, $hdrp, $datap
0 == syscall &SYS_capget, $hdrp, $datap
or error "capget failed: $!";
or error "capget failed: $!";
my ($effective, undef) = unpack "LLLLLL", $datap;
my ($effective, undef) = unpack "LLLLLL", $datap;
if (($effective >> $CAP_SYS_ADMIN) & 1 == 1) {
if (($effective >> $CAP_SYS_ADMIN) & 1 != 1) {
# we have CAP_SYS_ADMIN, and thus can mount
# we don't have CAP_SYS_ADMIN, and thus cannot mount
$options->{canmount} = 1;
warning "cannot mount because of missing capability CAP_SYS_ADMIN";
} else {
$options->{canmount} = 0;
error "root mode requires mount which requires CAP_SYS_ADMIN";
}
}
# To test whether we can use mount without actually trying to mount
# To test whether we can use mount without actually trying to mount
# something we try unsharing the mount namespace. If this is allowed,
# something we try unsharing the mount namespace. If this is allowed,
@ -4685,15 +4681,26 @@ sub main() {
# we get 'cannot change root filesystem propagation' when running
# we get 'cannot change root filesystem propagation' when running
# mmdebstrap inside a chroot for which the root of the chroot is not
# mmdebstrap inside a chroot for which the root of the chroot is not
# its own mount point.
# its own mount point.
if (0 == system 'unshare --mount --propagation unchanged -- true') {
if (0 != system 'unshare --mount --propagation unchanged -- true') {
$options->{canmount} = 1;
} else {
# if we cannot unshare the mount namespace as root, then we also
# if we cannot unshare the mount namespace as root, then we also
# cannot mount
# cannot mount
error "root mode requires mount but unshare --mount failed";
warning "cannot mount because unshare --mount failed";
$options->{canmount} = 0;
}
}
if (any { $_ eq $options->{mode} } ('root', 'unshare')) {
if (system('mount --version>/dev/null') != 0) {
warning "cannot execute mount";
$options->{canmount} = 0;
}
}
}
}
# we can only possibly mount in root and unshare mode
if (none { $_ eq $options->{mode} } ('root', 'unshare')) {
$options->{canmount} = 0;
}
my @architectures = ();
my @architectures = ();
foreach my $archs (@{ $options->{architectures} }) {
foreach my $archs (@{ $options->{architectures} }) {
foreach my $arch (split /[,\s]+/, $archs) {
foreach my $arch (split /[,\s]+/, $archs) {
@ -6689,8 +6696,6 @@ Upon startup, several checks are carried out, like:
=item * which mode to use and whether prerequisites are met
=item * which mode to use and whether prerequisites are met
=item * if you are root, check whether you have the ability to mount. This check requires the C<unshare> program from the C<util-linux> package and can be disabled by using B<--skip=check/canmount>.
=item * whether the requested architecture can be executed (requires arch-test) using qemu binfmt_misc support. This requires arch-test and can be disabled using B<--skip=check/qemu>
=item * whether the requested architecture can be executed (requires arch-test) using qemu binfmt_misc support. This requires arch-test and can be disabled using B<--skip=check/qemu>
=item * how the apt sources can be assembled from I<SUITE>, I<MIRROR> and B<--components> and/or from standard input as deb822 or one-line format and whether the required GPG keys exist.
=item * how the apt sources can be assembled from I<SUITE>, I<MIRROR> and B<--components> and/or from standard input as deb822 or one-line format and whether the required GPG keys exist.