diff --git a/mmdebstrap b/mmdebstrap
index df32720..2603418 100755
--- a/mmdebstrap
+++ b/mmdebstrap
@@ -1417,12 +1417,13 @@ sub setup_mounts {
 && !-d "/proc") {
 warning("skipping bind-mounting /proc because"
 . " /proc on the outside is not a directory");
- } elsif ($options->{mode} eq 'root') {
+ } elsif (any { $_ eq $options->{mode} } ('root', 'unshare')) {
 # we don't know whether we run in root mode inside an unshared
 # user namespace or as real root so we first try the real mount and
 # then fall back to mounting in a way that works in unshared
 if (
- 0 == system(
+ $options->{mode} eq 'root'
+ && 0 == system(
 'mount', '-t', 'proc', '-o', 'ro', 'proc',
 "$options->{root}/proc"
 )
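Review bot: The comment kept above the `if (` no longer matches the condition. It says the real mount is tried first, yet the added `$options->{mode} eq 'root'` guard means unshare mode never attempts the read-only `mount -t proc -o ro` and goes straight to the later branches. A line such as `# unshare mode skips the real read-only mount and uses the fallbacks below` would make that intent explicit. The rest of the `if`/`elsif` chain lies outside this hunk, so which fallback unshare mode ends up with cannot be confirmed from here.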
@@ -1451,22 +1452,23 @@ sub setup_mounts {
 0 == system('umount', '--no-mtab', "$options->{root}/proc")
 or warning("umount /proc failed: $?");
 };
+ } elsif (
+ # if mounting proc failed, try bind-mounting it read-only as a
+ # last resort
+ 0 == system(
+ 'mount', '-o',
+ 'rbind', '/proc',
+ "$options->{root}/proc"
+ )
+ ) {
+ push @cleanup_tasks, sub {
+ # since we cannot write to /etc/mtab we need --no-mtab
+ 0 == system('umount', '--no-mtab', "$options->{root}/proc")
+ or warning("umount /proc failed: $?");
+ };
 } else {
 error "mount /proc failed: $?";
 }
- } elsif ($options->{mode} eq 'unshare') {
- # naturally we have to clean up after ourselves in sudo mode where
- # we do a real mount. But we also need to unmount in unshare mode
- # because otherwise, even with the --one-file-system tar option,
- # the permissions of the mount source will be stored and not the
- # mount target (the directory)
- push @cleanup_tasks, sub {
- # since we cannot write to /etc/mtab we need --no-mtab
- 0 == system('umount', '--no-mtab', "$options->{root}/proc")
- or warning("umount /proc failed: $?");
- };
- 0 == system('mount', '-t', 'proc', 'proc', "$options->{root}/proc")
- or error "mount /proc failed: $?";
 } elsif (any { $_ eq $options->{mode} } ('fakechroot', 'chrootless')) {
 # we cannot mount in fakechroot mode
 } else {
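Review bot: The comment on the new `elsif` says the fallback bind-mounts /proc read-only, but the only option passed to `mount` is `rbind`, so the chroot sees the outer /proc with whatever write access the caller has. Either correct the comment to `# if mounting proc failed, recursively bind-mount the outer /proc as a last resort` or follow the bind with a read-only remount. Because `rbind` also carries any submounts below /proc, the plain `umount --no-mtab` in the cleanup task may fail as busy and only warn. `umount --recursive --no-mtab` would cover that case, ideally after making the bind a slave mount so the unmount cannot propagate back to the host. setup_mounts starts and ends outside the hunk.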