From 73cd7cd2e89e4091e44e7704cfaf5d9fe5956223 Mon Sep 17 00:00:00 2001
From: Johannes Schauer Marin Rodrigues
Date: Sat, 6 Feb 2021 10:11:53 +0100
Subject: [PATCH] run unshare --mount with --propagation unchanged to prevent 'cannot change root filesystem propagation' when running mmdebstrap from inside a chroot
---
 coverage.sh | 39 ++++++++++++++++++++++++++++++++++++++-
 mmdebstrap | 7 ++++++-
 2 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/coverage.sh b/coverage.sh
index 63b652c..442a087 100755
--- a/coverage.sh
+++ b/coverage.sh
@@ -119,7 +119,7 @@ if [ ! -e shared/hooks/eatmydata/customize.sh ] || [ hooks/eatmydata/customize.s
 fi
 fi
 starttime=
-total=189
+total=190
 skipped=0
 runtests=0
 i=1
@@ -518,6 +518,43 @@ else
 runtests=$((runtests+1))
 fi
 
+# Before running unshare mode as root, we run "unshare --mount" but that fails
+# if mmdebstrap itself is executed from within a chroot:
+# unshare: cannot change root filesystem propagation: Invalid argument
+# This test tests the workaround in mmdebstrap using --propagation unchanged
+print_header "mode=root,variant=apt: unshare as root user inside chroot"
+cat << END > shared/test.sh
+#!/bin/sh
+set -eu
+export LC_ALL=C.UTF-8
+[ "\$(whoami)" = "root" ]
+cat << 'SCRIPT' > script.sh
+#!/bin/sh
+set -eu
+rootfs="\$1"
+mkdir -p "\$rootfs/mnt"
+[ -e /usr/bin/mmdebstrap ] && cp -aT /usr/bin/mmdebstrap "\$rootfs/usr/bin/mmdebstrap"
+[ -e ./mmdebstrap ] && cp -aT ./mmdebstrap "\$rootfs/mnt/mmdebstrap"
+chroot "\$rootfs" env --chdir=/mnt \
+ $CMD --mode=unshare --variant=apt \
+ $DEFAULT_DIST /tmp/debian-chroot.tar $mirror
+SCRIPT
+chmod +x script.sh
+$CMD --mode=root --variant=apt --include=perl,mount \
+ --customize-hook=./script.sh \
+ --customize-hook="download /tmp/debian-chroot.tar /tmp/debian-chroot.tar" \
+ $DEFAULT_DIST /dev/null $mirror
+tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
+rm /tmp/debian-chroot.tar script.sh
+END
+if [ "$HAVE_QEMU" = "yes" ]; then
+ ./run_qemu.sh
+ runtests=$((runtests+1))
+else
+ ./run_null.sh SUDO
+ runtests=$((runtests+1))
+fi
+
 print_header "mode=root,variant=apt: fail with root without cap_sys_admin"
 cat << END > shared/test.sh
 #!/bin/sh
diff --git a/mmdebstrap b/mmdebstrap
index c58bf72..22c6610 100755
--- a/mmdebstrap
+++ b/mmdebstrap
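Review bot: The generated test in coverage.sh (the block added after "unshare as root user inside chroot") writes its tarball to the fixed path `/tmp/debian-chroot.tar` as root and removes it only on the success path, so under `set -eu` any failing step leaves the file and `script.sh` behind. On the `./run_null.sh SUDO` branch this presumably runs on the host rather than in a throwaway VM, where a predictable root-written name in world-writable /tmp is a symlink hazard; the rest of coverage.sh, not visible in this hunk, may follow the same convention. I would add a cleanup trap right after `set -eu` in the generated test.sh, `trap 'rm -f /tmp/debian-chroot.tar script.sh' EXIT`, and consider a `mktemp -d` directory for the downloaded tarball.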
@@ -4482,8 +4482,13 @@ sub main() {
 # For unshare mode to work we either need to already be the root user
 # and then we do not have to unshare the user namespace anymore but we
 # need to be able to unshare the mount namespace...
+ #
+ # We need to call unshare with "--propagation unchanged" or otherwise
+ # we get 'cannot change root filesystem propagation' when running
+ # mmdebstrap inside a chroot for which the root of the chroot is not
+ # its own mount point.
 if ($EFFECTIVE_USER_ID == 0
- && 0 != system 'unshare --mount true 2>/dev/null') {
+ && 0 != system 'unshare --mount --propagation unchanged -- true') {
 error "unable to unshare the mount namespace";
 }
 # ...or we are not root and then we need to be able to unshare the user
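Review bot: The new probe drops `2>/dev/null` without the comment or the commit message saying so, and it now also fails when the installed `unshare` does not know `--propagation`, in which case the user sees unshare's own error followed by "unable to unshare the mount namespace". If leaving stderr visible is intended, I would say so in the comment, e.g. `# stderr is left visible so that an unshare without --propagation support is diagnosable`. The comment should also state that this call is only a capability probe running `true`: with `unchanged`, shared mounts stay shared, so these flags should not be copied for a namespace that actually mounts anything. main() starts and ends outside the hunk, so the later real unshare is not visible here.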