add --skip=chroot/mount and --skip=chroot/mount/dev, --skip=chroot/mount/proc, --skip=chroot/mount/sys

This commit is contained in:
Johannes Schauer Marin Rodrigues 2022-09-02 23:27:27 +02:00
parent e61e352f67
commit add9412a47
Signed by untrusted user: josch
GPG key ID: F2CBA5C78FBD83E1
3 changed files with 126 additions and 91 deletions

View file

@ -266,6 +266,9 @@ Test: remove-start-stop-daemon-and-policy-rc-d-in-hook
Test: skip-start-stop-daemon-policy-rc Test: skip-start-stop-daemon-policy-rc
Test: skip-mount
Modes: unshare
Test: compare-output-with-pre-seeded-var-cache-apt-archives Test: compare-output-with-pre-seeded-var-cache-apt-archives
Needs-QEMU: true Needs-QEMU: true
Variants: any Variants: any

View file

@ -1104,8 +1104,10 @@ sub run_chroot {
} }
} elsif ($type == 3 or $type == 4) { } elsif ($type == 3 or $type == 4) {
# character/block special # character/block special
if ((any { $_ eq $options->{mode} } ('root', 'unshare')) if (any { $_ =~ '^chroot/mount(?:/dev)?$' }
&& !$options->{canmount}) { @{ $options->{skip} }) {
info "skipping chroot/mount/dev as requested";
} elsif (!$options->{canmount}) {
warning "skipping bind-mounting ./dev/$fname"; warning "skipping bind-mounting ./dev/$fname";
} elsif (!$options->{havemknod}) { } elsif (!$options->{havemknod}) {
if (!-d "$options->{root}/dev") { if (!-d "$options->{root}/dev") {
@ -1160,15 +1162,19 @@ sub run_chroot {
"$options->{root}/dev/$fname") "$options->{root}/dev/$fname")
or error "mount ./dev/$fname failed: $?"; or error "mount ./dev/$fname failed: $?";
} }
} elsif ($type == 5 } elsif ($type == 5) {
&& (any { $_ eq $options->{mode} } ('root', 'unshare')) # directory
&& !$options->{canmount}) { if (any { $_ =~ '^chroot/mount(?:/dev)?$' }
@{ $options->{skip} }) {
info "skipping chroot/mount/dev as requested";
} elsif (!$options->{canmount}) {
warning "skipping bind-mounting ./dev/$fname"; warning "skipping bind-mounting ./dev/$fname";
} elsif ($type == 5) { # directory } else {
if (!-d "$options->{root}/dev") { if (!-d "$options->{root}/dev") {
warning( warning(
"skipping creation of ./dev/$fname because the" "skipping creation of ./dev/$fname because the"
. " /dev directory is missing in the target"); . " /dev directory is missing in the target"
);
next; next;
} }
if (!-e "/dev/$fname" && $fname ne "pts/") { if (!-e "/dev/$fname" && $fname ne "pts/") {
@ -1192,7 +1198,8 @@ sub run_chroot {
}; };
if (-e "$options->{root}/dev/$fname") { if (-e "$options->{root}/dev/$fname") {
if (!-d "$options->{root}/dev/$fname") { if (!-d "$options->{root}/dev/$fname") {
error "./dev/$fname already exists but is not" error
"./dev/$fname already exists but is not"
. " a directory"; . " a directory";
} }
} else { } else {
@ -1209,8 +1216,8 @@ sub run_chroot {
} @$err } @$err
)); ));
} elsif ($num_created == 0) { } elsif ($num_created == 0) {
error error( "cannot create $options->{root}"
"cannot create $options->{root}/dev/$fname"; . "/dev/$fname");
} }
} }
chmod $mode, "$options->{root}/dev/$fname" chmod $mode, "$options->{root}/dev/$fname"
@ -1251,6 +1258,7 @@ sub run_chroot {
"$options->{root}/dev/$fname") "$options->{root}/dev/$fname")
or error "mount ./dev/$fname failed: $?"; or error "mount ./dev/$fname failed: $?";
} }
}
} else { } else {
error "unsupported type: $type"; error "unsupported type: $type";
} }
@ -1269,6 +1277,9 @@ sub run_chroot {
# set because if we mount it before, then base-files will not be able # set because if we mount it before, then base-files will not be able
# to extract those # to extract those
if ((any { $_ eq $options->{mode} } ('root', 'unshare')) if ((any { $_ eq $options->{mode} } ('root', 'unshare'))
&& (any { $_ =~ '^chroot/mount(?:/sys)?$' } @{ $options->{skip} })) {
info "skipping chroot/mount/sys as requested";
} elsif ((any { $_ eq $options->{mode} } ('root', 'unshare'))
&& !$options->{canmount}) { && !$options->{canmount}) {
warning "skipping mount sysfs"; warning "skipping mount sysfs";
} elsif ((any { $_ eq $options->{mode} } ('root', 'unshare')) } elsif ((any { $_ eq $options->{mode} } ('root', 'unshare'))
@ -1344,6 +1355,9 @@ sub run_chroot {
error "unknown mode: $options->{mode}"; error "unknown mode: $options->{mode}";
} }
if ((any { $_ eq $options->{mode} } ('root', 'unshare')) if ((any { $_ eq $options->{mode} } ('root', 'unshare'))
&& (any { $_ =~ '^chroot/mount(?:/proc)?$' } @{ $options->{skip} })) {
info "skipping chroot/mount/proc as requested";
} elsif ((any { $_ eq $options->{mode} } ('root', 'unshare'))
&& !$options->{canmount}) { && !$options->{canmount}) {
warning "skipping mount proc"; warning "skipping mount proc";
} elsif ((any { $_ eq $options->{mode} } ('root', 'unshare')) } elsif ((any { $_ eq $options->{mode} } ('root', 'unshare'))
@ -6783,6 +6797,12 @@ out in B<extract> mode.
Run B<--customize-hook> options and all F<customize*> scripts in B<--hook-dir>. Run B<--customize-hook> options and all F<customize*> scripts in B<--hook-dir>.
This step is not carried out in B<extract> mode. This step is not carried out in B<extract> mode.
Whenever B<mmdebstrap> does a chroot call in B<root> or B<unshare> modes, it
will mount relevant device nodes, F</proc> and F</sys> into the chroot and
unmount them afterwards. This can be disabled using B<--skip=chroot/mount> or
specifically by B<--skip=chroot/mount/dev>, B<--skip=chroot/mount/proc> and
B<--skip=chroot/mount/sys>, respectively.
For each command that is run inside the chroot, B<mmdebstrap> will disable For each command that is run inside the chroot, B<mmdebstrap> will disable
running services by temporarily moving F</usr/sbin/policy-rc.d> and running services by temporarily moving F</usr/sbin/policy-rc.d> and
F</sbin/start-stop-daemon> if they exist. This can be disabled with F</sbin/start-stop-daemon> if they exist. This can be disabled with

12
tests/skip-mount Normal file
View file

@ -0,0 +1,12 @@
#!/bin/sh
set -eu
export LC_ALL=C.UTF-8
[ "{{ MODE }}" = "unshare" ]
trap "rm -f /tmp/debian-chroot.tar" EXIT INT TERM
{{ CMD }} --mode=unshare --variant=apt \
--skip=chroot/mount/proc,chroot/mount/sys \
--customize-hook='mountpoint "$1"/dev/null' \
--customize-hook='if mountpoint "$1"/sys; then exit 1; fi' \
--customize-hook='if mountpoint "$1"/proc; then exit 1; fi' \
{{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -