unify /proc mounting between root and unshare mode and fall back to rbind-mounting

This makes unshare mode work on salsaci and debci.

mmdebstrap

@@ -1417,12 +1417,13 @@ sub setup_mounts {
             && !-d "/proc") {
             warning("skipping bind-mounting /proc because"
                   . " /proc on the outside is not a directory");
-        } elsif ($options->{mode} eq 'root') {
+        } elsif (any { $_ eq $options->{mode} } ('root', 'unshare')) {
             # we don't know whether we run in root mode inside an unshared
             # user namespace or as real root so we first try the real mount and
             # then fall back to mounting in a way that works in unshared
             if (
-                0 == system(
+                $options->{mode} eq 'root'
+                && 0 == system(
                     'mount', '-t', 'proc', '-o', 'ro', 'proc',
                     "$options->{root}/proc"
                 )
@@ -1451,22 +1452,23 @@ sub setup_mounts {
                     0 == system('umount', '--no-mtab', "$options->{root}/proc")
                       or warning("umount /proc failed: $?");
                 };
+            } elsif (
+                # if mounting proc failed, try bind-mounting it read-only as a
+                # last resort
+                0 == system(
+                    'mount',   '-o',
+                    'rbind', '/proc',
+                    "$options->{root}/proc"
+                )
+            ) {
+                push @cleanup_tasks, sub {
+                    # since we cannot write to /etc/mtab we need --no-mtab
+                    0 == system('umount', '--no-mtab', "$options->{root}/proc")
+                      or warning("umount /proc failed: $?");
+                };
             } else {
                 error "mount /proc failed: $?";
             }
-        } elsif ($options->{mode} eq 'unshare') {
-            # naturally we have to clean up after ourselves in sudo mode where
-            # we do a real mount. But we also need to unmount in unshare mode
-            # because otherwise, even with the --one-file-system tar option,
-            # the permissions of the mount source will be stored and not the
-            # mount target (the directory)
-            push @cleanup_tasks, sub {
-                # since we cannot write to /etc/mtab we need --no-mtab
-                0 == system('umount', '--no-mtab', "$options->{root}/proc")
-                  or warning("umount /proc failed: $?");
-            };
-            0 == system('mount', '-t', 'proc', 'proc', "$options->{root}/proc")
-              or error "mount /proc failed: $?";
         } elsif (any { $_ eq $options->{mode} } ('fakechroot', 'chrootless')) {
             # we cannot mount in fakechroot mode
         } else {