- instead of throwing an error, just print a warning
- can now run as root without cap_sys_admin
- can now run without mount installed
- --skip=check/canmount is not needed anymore
- gpg will not create a trustdb when running with --update-trustdb with
--trust-model=always:
gpg: no need for a trustdb update with 'always' trust model
- subsequent gpg calls will fail because there is no trustdb in GPGHOME
- use $REAL_USER_ID from English instead of $<
- use getgrgid $REAL_GROUP_ID to get the group name instead of assuming
the group name to be equal to the user name
- also check whether /etc/subgid exists and is readable
This is fixing the error:
cannot rmdir /var/lib/apt/lists/auxfiles: Directory not empty at ./mmdebstrap/mmdebstrap line 3084.
which happens when using apt-transport-mirror.
/bin/ping (from iputils-ping) uses the security capabilities to allow
users to use the program:
```
$ getcap /bin/ping
/bin/ping cap_net_raw=ep
```
Debian testing/unstable images (variant important) contain security and
system attributes:
```
$ mmdebstrap --variant=important bullseye root.tar
$ tar --xattrs --xattrs-include='*' -vv -tf root.tar | grep -B 1 '^ '
-rwxr-xr-x* 0/0 77432 2021-02-02 18:49 ./bin/ping
x: 20 security.capability
--
drwxr-sr-x* 0/102 0 2021-05-07 15:10 ./var/log/journal/
x: 44 system.posix_acl_access
x: 44 system.posix_acl_default
```
When generating a squashfs image with mmdebstrap 0.7.5-2, these security
capabilities are lost. Example for building a squashfs image in a
minimal Debian unstable schroot:
```
$ apt install -y mmdebstrap squashfs-tools-ng
$ mmdebstrap --variant=important buster root.squashfs
$ rdsquashfs -x /bin/ping root.squashfs
$
```
tar2sqfs from squashfs-tools-ng 1.0.4-1 supports encoding extended
attributes from the namespace `user`, `trusted`, and `security` (see
`include/sqfs/xattr.h`). GNU tar (version 1.34) supports these three
namespaces plus the namespace `system`.
Passing extended attributes from the `system` namespace to tar2sqfs will
produce an error:
```
ERROR: squashfs does not support xattr prefix of system.posix_acl_default
```
So pass the extended attributes to tar2sqfs, but exclude the `system`
namespace. Then ping will keep its security attributes:
```
$ rdsquashfs -x /bin/ping root.squashfs
security.capability=0x0100000200200000000000000000000000000000
```
Closes: #988100
Signed-off-by: Benjamin Drung <benjamin.drung@ionos.com>
gpg command "--list-keys" requires input files to be passed with
option "--keyring" and each file must match type "public keyring v4"
while gpg command "--show-keys" doesn't require extra options and
handles also ASCII-armored public keyrings as well.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
- assume all entries in @devfiles to be in /dev
- allow for /dev, /sys and /proc not to exist in the target and print warning
- allow for /dev entries as well as /sys and /proc not to exist on the outside
- simplify umount by storing special options in @umountopts
- remove superfluous checks for root and unshare mode
- make sure /dev entries are less than 100 chars in size for tar
- even if the user is root, they might not have permission to mount
- check for CAP_SYS_ADMIN and unshare --mount before proceeding
- allow one to disable the check with --skip=check/canmount
- this is useful in container environments like docker
- this is useful when you are already root and want the benefits of
unsharing the mount namespace to prevent messing up your system
- if the unshare mode is used as root, the user namespace is not unshared
anymore and newuidmap, setuid and friends are not called anymore
- if the unshare mode is used as non-root test if the user namespace can be
unshared, otherwise test if the mount namespace can be unshared