From 067daaf4c216c3c1fff5c1c91e3d2c708165da94 Mon Sep 17 00:00:00 2001
From: Johannes Schauer Marin Rodrigues
Date: Fri, 19 Feb 2021 12:53:14 +0100
Subject: [PATCH] also run unshare with --propagation unchanged in root mode
---
 coverage.sh | 37 ++++++++++++++++++++++++++++++++++++-
 mmdebstrap | 7 ++++++-
 2 files changed, 42 insertions(+), 2 deletions(-)
diff --git a/coverage.sh b/coverage.sh
index 627f746..ac127cb 100755
--- a/coverage.sh
+++ b/coverage.sh
@@ -120,7 +120,7 @@ if [ ! -e shared/hooks/eatmydata/customize.sh ] || [ hooks/eatmydata/customize.s
 fi
 fi
 starttime=
-total=190
+total=191
 skipped=0
 runtests=0
 i=1
@@ -556,6 +556,41 @@ else
 runtests=$((runtests+1))
 fi
+# Same as above but this time we run mmdebstrap in root mode from inside a
+# chroot.
+print_header "mode=root,variant=apt: root mode inside chroot"
+cat << END > shared/test.sh
+#!/bin/sh
+set -eu
+export LC_ALL=C.UTF-8
+[ "\$(whoami)" = "root" ]
+cat << 'SCRIPT' > script.sh
+#!/bin/sh
+set -eu
+rootfs="\$1"
+mkdir -p "\$rootfs/mnt"
+[ -e /usr/bin/mmdebstrap ] && cp -aT /usr/bin/mmdebstrap "\$rootfs/usr/bin/mmdebstrap"
+[ -e ./mmdebstrap ] && cp -aT ./mmdebstrap "\$rootfs/mnt/mmdebstrap"
+chroot "\$rootfs" env --chdir=/mnt \
+ $CMD --mode=root --variant=apt \
+ $DEFAULT_DIST /tmp/debian-chroot.tar $mirror
+SCRIPT
+chmod +x script.sh
+$CMD --mode=root --variant=apt --include=perl,mount \
+ --customize-hook=./script.sh \
+ --customize-hook="download /tmp/debian-chroot.tar /tmp/debian-chroot.tar" \
+ $DEFAULT_DIST /dev/null $mirror
+tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
+rm /tmp/debian-chroot.tar script.sh
+END
+if [ "$HAVE_QEMU" = "yes" ]; then
+ ./run_qemu.sh
+ runtests=$((runtests+1))
+else
+ ./run_null.sh SUDO
+ runtests=$((runtests+1))
+fi
+
 print_header "mode=root,variant=apt: fail with root without cap_sys_admin"
 cat << END > shared/test.sh
 #!/bin/sh
diff --git a/mmdebstrap b/mmdebstrap
index 8f38168..0e78df6 100755
--- a/mmdebstrap
+++ b/mmdebstrap
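Review bot: The generated test script removes `/tmp/debian-chroot.tar` and `script.sh` only on its last line, so under `set -eu` a failure in the inner mmdebstrap run or in the `diff -u tar1.txt -` comparison leaves both files behind. The tarball is written by root to a fixed, predictable name in /tmp, and in the non-QEMU branch (`./run_null.sh SUDO`) that presumably happens on the host rather than in a throwaway VM, which is where a root-run script should be most careful about world-writable directories. Registering the cleanup right after the outer `set -eu` would cover the failure paths: `trap 'rm -f /tmp/debian-chroot.tar script.sh' EXIT`. If the other tests in coverage.sh share the fixed-path convention, a per-run directory from `mktemp -d` would be the broader fix, but that lies outside this hunk.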
@@ -4555,7 +4555,12 @@ sub main() {
 # To test whether we can use mount without actually trying to mount
 # something we try unsharing the mount namespace. If this is allowed,
 # then we are also allowed to mount.
- if (0 == system 'unshare --mount true 2>/dev/null') {
+ #
+ # We need to call unshare with "--propagation unchanged" or otherwise
+ # we get 'cannot change root filesystem propagation' when running
+ # mmdebstrap inside a chroot for which the root of the chroot is not
+ # its own mount point.
+ if (0 == system 'unshare --mount --propagation unchanged -- true') {
 $options->{canmount} = 1;
 } else {
 # if we cannot unshare the mount namespace as root, then we also
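Review bot: The new probe drops the `2>/dev/null` that the old call carried, and neither the added comment nor the commit message says why. When the probe fails on the expected path (root without the privilege to unshare, which the else branch handles), unshare's own error text now reaches the user's stderr, and an unshare that is missing or does not accept `--propagation` fails the same way and cannot be told apart from "not permitted". If the diagnostic is wanted, a one-line comment such as `# stderr is left visible on purpose so a failing probe can be diagnosed` would record that; otherwise keep the redirect: `if (0 == system 'unshare --mount --propagation unchanged -- true 2>/dev/null') {`. The else branch and the rest of main() lie outside the hunk, so how the failure is reported there is not visible.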