don't use apt sandboxing in fakechroot or proot modes

mmdebstrap

@@ -1605,11 +1605,22 @@ sub run_setup() {
         copy($tmpfile, \*STDERR);
     }
 
-    # when apt-get update is run by the root user, then apt will attempt to
-    # drop privileges to the _apt user. This will fail if the _apt user does
-    # not have permissions to read the root directory. In that case, we have
-    # to disable apt sandboxing.
-    {
+    if (any { $_ eq $options->{mode} } ('fakechroot', 'proot')) {
+        # Apt dropping privileges to another user than root is not useful in
+        # fakechroot and proot mode because all users are faked and thus there
+        # is no real privilege difference anyways. Thus, we also print no
+        # warning message in this case.
+        open my $fh, '>>', $tmpfile
+          or error "cannot open $tmpfile for appending: $!";
+        print $fh "APT::Sandbox::User \"root\";\n";
+        close $fh;
+    } else {
+        # when apt-get update is run by the root user, then apt will attempt to
+        # drop privileges to the _apt user. This will fail if the _apt user
+        # does not have permissions to read the root directory. In that case,
+        # we have to disable apt sandboxing. This can for example happen in
+        # root mode when the path of the chroot is not in a world-readable
+        # location.
         my $partial = '/var/lib/apt/lists/partial';
         if (
             system('/usr/lib/apt/apt-helper', 'drop-privs', '--', 'test',