Hi,

Quoting Francesco Poli (2020-11-16 00:05:08)
> On Sun, 15 Nov 2020 23:09:27 +0100 Johannes Schauer wrote:
> > Quoting Francesco Poli (2020-11-15 22:57:38)
> As I have previously said, I am worried by security implications of
> setting "kernel.unprivileged_userns_clone=1" with sysctl.
> Bug #898446 is still being discussed...

I agree. Similarly I am worried about the security implications of running the
whole thing as root. It would be great if fakechroot would work. In the
meantime, I managed to track down the problem a bit. I put this shell snippet:

    case "`FAKECHROOT_DETECT=1 /bin/echo`" in fakechroot*) echo LOADED;;*) echo NOT LOADED;;esac

into various places like /etc/kernel/postinst.d/initramfs-tools,
/etc/kernel/postinst.d/initramfs-tools, /usr/sbin/update-initramfs,
/usr/sbin/mkinitramfs and /usr/share/initramfs-tools/hooks/klibc-utils and
found out that fakechroot still remains active all the way down to the deepest
level where the error is then produced by this line:

    cp -pnL /usr/lib/klibc/bin/* "${DESTDIR}/bin"

The files in question *do* exist; what seems to be the problem are the
wildcards. For example, this works:

    mmdebstrap --mode=fakechroot --variant=apt --customize-hook='chroot "$1" sh -c "ls *"' unstable /dev/null

and so does this:

    mmdebstrap --mode=fakechroot --variant=apt --customize-hook='chroot "$1" sh -c "ls ./*"' unstable /dev/null

But this fails:

    mmdebstrap --mode=fakechroot --variant=apt --customize-hook='chroot "$1" sh -c "ls /*"' unstable /dev/null

So as soon as the wildcard is part of an absolute path, things start breaking.

Do you have the time to investigate further on this issue? This does not seem
to be a problem of initramfs-tools or a problem of fakechroot not being enabled
but a weird problem with fakechroot.

Thanks!

cheers, josch
