run unshare --mount with --propagation unchanged to prevent 'cannot change root filesystem propagation' when running mmdebstrap from inside a chroot
parent
f976dabb51
commit
73cd7cd2e8
2 changed files with 44 additions and 2 deletions
39
coverage.sh
39
coverage.sh
|
@ -119,7 +119,7 @@ if [ ! -e shared/hooks/eatmydata/customize.sh ] || [ hooks/eatmydata/customize.s
|
|||
fi
|
||||
fi
|
||||
starttime=
|
||||
total=189
|
||||
total=190
|
||||
skipped=0
|
||||
runtests=0
|
||||
i=1
|
||||
|
@ -518,6 +518,43 @@ else
|
|||
runtests=$((runtests+1))
|
||||
fi
|
||||
|
||||
# Before running unshare mode as root, we run "unshare --mount" but that fails
|
||||
# if mmdebstrap itself is executed from within a chroot:
|
||||
# unshare: cannot change root filesystem propagation: Invalid argument
|
||||
# This test tests the workaround in mmdebstrap using --propagation unchanged
|
||||
print_header "mode=root,variant=apt: unshare as root user inside chroot"
|
||||
cat << END > shared/test.sh
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
export LC_ALL=C.UTF-8
|
||||
[ "\$(whoami)" = "root" ]
|
||||
cat << 'SCRIPT' > script.sh
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
rootfs="\$1"
|
||||
mkdir -p "\$rootfs/mnt"
|
||||
[ -e /usr/bin/mmdebstrap ] && cp -aT /usr/bin/mmdebstrap "\$rootfs/usr/bin/mmdebstrap"
|
||||
[ -e ./mmdebstrap ] && cp -aT ./mmdebstrap "\$rootfs/mnt/mmdebstrap"
|
||||
chroot "\$rootfs" env --chdir=/mnt \
|
||||
$CMD --mode=unshare --variant=apt \
|
||||
$DEFAULT_DIST /tmp/debian-chroot.tar $mirror
|
||||
SCRIPT
|
||||
chmod +x script.sh
|
||||
$CMD --mode=root --variant=apt --include=perl,mount \
|
||||
--customize-hook=./script.sh \
|
||||
--customize-hook="download /tmp/debian-chroot.tar /tmp/debian-chroot.tar" \
|
||||
$DEFAULT_DIST /dev/null $mirror
|
||||
tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
|
||||
rm /tmp/debian-chroot.tar script.sh
|
||||
END
|
||||
if [ "$HAVE_QEMU" = "yes" ]; then
|
||||
./run_qemu.sh
|
||||
runtests=$((runtests+1))
|
||||
else
|
||||
./run_null.sh SUDO
|
||||
runtests=$((runtests+1))
|
||||
fi
|
||||
|
||||
print_header "mode=root,variant=apt: fail with root without cap_sys_admin"
|
||||
cat << END > shared/test.sh
|
||||
#!/bin/sh
|
||||
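Review bot: The new "unshare as root user inside chroot" test writes the fixed path `/tmp/debian-chroot.tar` as root and cleans up only on the success path, at `rm /tmp/debian-chroot.tar script.sh`. Under `set -eu`, a failing mmdebstrap run or a `diff -u tar1.txt -` mismatch exits before that line, and on the `./run_null.sh SUDO` branch the leftover tarball and `script.sh` appear to land on the host rather than in a throwaway VM. I would register the cleanup right after `set -eu` in the generated test.sh with `trap 'rm -f /tmp/debian-chroot.tar script.sh' EXIT` and drop the trailing `rm`. If the other tests in this file deliberately use the same fixed name, that is a file-wide convention to revisit rather than something specific to this hunk, which ends inside the next test's heredoc.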
|
|
|
@ -4482,8 +4482,13 @@ sub main() {
|
|||
# For unshare mode to work we either need to already be the root user
|
||||
# and then we do not have to unshare the user namespace anymore but we
|
||||
# need to be able to unshare the mount namespace...
|
||||
#
|
||||
# We need to call unshare with "--propagation unchanged" or otherwise
|
||||
# we get 'cannot change root filesystem propagation' when running
|
||||
# mmdebstrap inside a chroot for which the root of the chroot is not
|
||||
# its own mount point.
|
||||
if ($EFFECTIVE_USER_ID == 0
|
||||
&& 0 != system 'unshare --mount true 2>/dev/null') {
|
||||
&& 0 != system 'unshare --mount --propagation unchanged -- true') {
|
||||
error "unable to unshare the mount namespace";
|
||||
}
|
||||
# ...or we are not root and then we need to be able to unshare the user
|
||||
|
|
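Review bot: The comment added above the `system 'unshare --mount --propagation unchanged -- true'` probe explains why the flag is needed but not what it gives up. unshare's default sets propagation to private so that mounts made in the new namespace stay there, whereas `unchanged` keeps whatever the parent namespace has. If the code that actually enters the mount namespace (outside this hunk, elsewhere in `main`) passes the same flag and `/` is a shared mount, mounts made during the run could propagate back to the parent, so I would record that in the comment, e.g. `# NB: "unchanged" skips unshare's default private propagation; mounts may reach the parent namespace if / is shared`. The probe and the real invocation should also use identical arguments, otherwise this check can pass while the later call still fails.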