From 640d854c2e0f139fdfbd60ddaffc5dfe72063fc0 Mon Sep 17 00:00:00 2001
From: Johannes 'josch' Schauer
Date: Mon, 1 Oct 2018 17:17:34 +0200
Subject: [PATCH] mount a new sysfs when root and don't unmount with --recursive

---
 mmdebstrap | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/mmdebstrap b/mmdebstrap
index 919668b..b291f6a 100755
--- a/mmdebstrap
+++ b/mmdebstrap
@@ -1076,9 +1076,15 @@ sub setup {
         chmod $mode, "$options->{root}/$fname";
     }
     # We can only mount /proc and /sys after extracting the essential
-    # set because if we mount it before, then base-files not be able
+    # set because if we mount it before, then base-files will not be able
     # to extract those
-    0 == system('mount', '-o', 'rbind', '/sys', "$options->{root}/sys") or die "mount failed: $?";
+    if ($options->{mode} eq 'unshare') {
+        # without the network namespace unshared, we cannot mount a new
+        # sysfs. Since we need network, we just bind-mount.
+        0 == system('mount', '-o', 'rbind', '/sys', "$options->{root}/sys") or die "mount failed: $?";
+    } else {
+        0 == system('mount', '-t', 'sysfs', '-o', 'nosuid,nodev,noexec', 'sys', "$options->{root}/sys") or die "mount failed: $?";
+    }
     0 == system('mount', '-t', 'proc', 'proc', "$options->{root}/proc") or die "mount failed: $?";
 
     # prevent daemons from starting
@@ -1135,7 +1141,7 @@ sub setup {
     }
     # no need to umount if the mount namespace was unshared
     if ($options->{mode} ne 'unshare') {
-        0 == system('umount', '--no-mtab', '--recursive', '--lazy', "$options->{root}/sys") or die "umount failed: $?";
+        0 == system('umount', '--no-mtab', "$options->{root}/sys") or die "umount failed: $?";
         0 == system('umount', '--no-mtab', "$options->{root}/proc") or die "umount failed: $?";
     }
 }
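Review bot: The proc mount on the line directly after the new `if`/`else` is still issued with no mount options, while the new non-unshare branch mounts sysfs with `nosuid,nodev,noexec`; the same restrictions are normally wanted on proc, so `0 == system('mount', '-t', 'proc', '-o', 'nosuid,nodev,noexec', 'proc', "$options->{root}/proc") or die "mount failed: $?";` would keep the two mounts consistent. The `else` branch also carries no comment, unlike the `unshare` branch; `# running as root in the host namespaces: mount a private sysfs instead of exposing the host's /sys tree` would record why the two modes differ. Note that the `unshare` branch still rbinds the whole host /sys, every submount included, into the target, which is exactly the exposure the other branch moves away from. The enclosing `setup` starts and ends outside the hunk.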
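Review bot: Without `--recursive` and `--lazy` the sys umount fails with EBUSY, and therefore dies, if anything in the target mounted beneath `$options->{root}/sys` or still holds it open, and because that `die` fires first the proc umount on the next line never runs, leaving a live proc mount inside the target directory. The plain umount is only correct while the non-unshare branch of `setup` mounts a private sysfs rather than rbinding the host tree, so the two `$options->{mode}` checks have to stay in lockstep; a comment such as `# sys is a private sysfs here (see the mount in setup), so a plain umount suffices` would make that dependency visible. To avoid leaving proc mounted, both umounts could be attempted before dying: `my @failed = grep { 0 != system('umount', '--no-mtab', "$options->{root}/$_") } qw(sys proc);` followed by `die "umount failed: @failed" if @failed;`. The enclosing `setup` starts outside the hunk.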