don't use apt sandboxing in fakechroot or proot modes

This commit is contained in:
Johannes 'josch' Schauer 2020-06-08 15:45:22 +02:00
parent af13116336
commit 655857e525
Signed by: josch
GPG key ID: F2CBA5C78FBD83E1

View file

@ -1605,11 +1605,22 @@ sub run_setup() {
copy($tmpfile, \*STDERR); copy($tmpfile, \*STDERR);
} }
# when apt-get update is run by the root user, then apt will attempt to if (any { $_ eq $options->{mode} } ('fakechroot', 'proot')) {
# drop privileges to the _apt user. This will fail if the _apt user does # Apt dropping privileges to another user than root is not useful in
# not have permissions to read the root directory. In that case, we have # fakechroot and proot mode because all users are faked and thus there
# to disable apt sandboxing. # is no real privilege difference anyways. Thus, we also print no
{ # warning message in this case.
open my $fh, '>>', $tmpfile
or error "cannot open $tmpfile for appending: $!";
print $fh "APT::Sandbox::User \"root\";\n";
close $fh;
} else {
# when apt-get update is run by the root user, then apt will attempt to
# drop privileges to the _apt user. This will fail if the _apt user
# does not have permissions to read the root directory. In that case,
# we have to disable apt sandboxing. This can for example happen in
# root mode when the path of the chroot is not in a world-readable
# location.
my $partial = '/var/lib/apt/lists/partial'; my $partial = '/var/lib/apt/lists/partial';
if ( if (
system('/usr/lib/apt/apt-helper', 'drop-privs', '--', 'test', system('/usr/lib/apt/apt-helper', 'drop-privs', '--', 'test',