don't use apt sandboxing in fakechroot or proot modes
This commit is contained in:
parent
af13116336
commit
655857e525
1 changed files with 16 additions and 5 deletions
19
mmdebstrap
19
mmdebstrap
|
@ -1605,11 +1605,22 @@ sub run_setup() {
|
||||||
copy($tmpfile, \*STDERR);
|
copy($tmpfile, \*STDERR);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (any { $_ eq $options->{mode} } ('fakechroot', 'proot')) {
|
||||||
|
# Apt dropping privileges to another user than root is not useful in
|
||||||
|
# fakechroot and proot mode because all users are faked and thus there
|
||||||
|
# is no real privilege difference anyways. Thus, we also print no
|
||||||
|
# warning message in this case.
|
||||||
|
open my $fh, '>>', $tmpfile
|
||||||
|
or error "cannot open $tmpfile for appending: $!";
|
||||||
|
print $fh "APT::Sandbox::User \"root\";\n";
|
||||||
|
close $fh;
|
||||||
|
} else {
|
||||||
# when apt-get update is run by the root user, then apt will attempt to
|
# when apt-get update is run by the root user, then apt will attempt to
|
||||||
# drop privileges to the _apt user. This will fail if the _apt user does
|
# drop privileges to the _apt user. This will fail if the _apt user
|
||||||
# not have permissions to read the root directory. In that case, we have
|
# does not have permissions to read the root directory. In that case,
|
||||||
# to disable apt sandboxing.
|
# we have to disable apt sandboxing. This can for example happen in
|
||||||
{
|
# root mode when the path of the chroot is not in a world-readable
|
||||||
|
# location.
|
||||||
my $partial = '/var/lib/apt/lists/partial';
|
my $partial = '/var/lib/apt/lists/partial';
|
||||||
if (
|
if (
|
||||||
system('/usr/lib/apt/apt-helper', 'drop-privs', '--', 'test',
|
system('/usr/lib/apt/apt-helper', 'drop-privs', '--', 'test',
|
||||||
|
|
Loading…
Reference in a new issue