Hi,

Quoting Trent W. Buck (2022-03-25 05:15:41)
> I see a quite odd behaviour where "find ... -type f" inside a customize hook
> is matching device files.
> As a simple test, "find /dev -type f" finds /dev/zero inside mmdebstrap, but
> not outside mmdebstrap.

The unshared user doesn't have permissions to run mknod but we still need
devices like /dev/null in unshare mode. To solve this problem mmdebstrap
bind-mounts /dev/null to a real file. You can reproduce your findings without
mmdebstrap like so:

    sudo touch null
    sudo mount -o bind /dev/null null

Now run your find and stat calls and you will get the same results as you did
inside mmdebstrap in unshare mode. So this behaviour is not unique to the
unshared user namespace but happens outside of it as well if you bind-mount
device nodes on files.

Thanks!

cheers, josch
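
One way to see which paths are bind-mounted /dev entries of the kind described above, as an added example that is not part of the original message or of mmdebstrap: it reads mountinfo-format lines and prints mount points whose filesystem is devtmpfs but whose root field is not "/". The function names, the sample lines and the /tmp/chroot paths are constructed, and it assumes the host /dev is a devtmpfs.

```shell
#!/bin/sh
# Added example: list mount points that are single entries of the host's
# devtmpfs bind-mounted elsewhere (e.g. /dev/null bound onto a file).
#
# mountinfo fields (see proc(5)):
#   1 mount ID  2 parent ID  3 major:minor  4 root  5 mount point
#   6 mount options  7.. optional fields  "-"  fstype  source  super options
# For a bind mount of one entry, field 4 is that entry's path inside the
# source filesystem ("/null"), not "/".

bind_mounted_dev_entries() {
    # $1: mountinfo file to read; defaults to stdin ("-").
    # mountinfo alone cannot tell a device node from a directory, so this
    # reports every devtmpfs mount whose root is not "/".
    awk '{
        sep = 0
        # Optional fields are variable in number; find the "-" separator.
        for (i = 7; i <= NF; i++) if ($i == "-") { sep = i; break }
        if (sep && $(sep + 1) == "devtmpfs" && $4 != "/") print $5
    }' "${1:--}"
}

# Constructed sample input (not captured from a real system).
sample_mountinfo() {
    cat <<'EOF'
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
23 22 0:5 / /dev rw,nosuid shared:2 - devtmpfs udev rw,size=4096k
101 22 0:5 /null /tmp/chroot/dev/null rw,nosuid shared:2 - devtmpfs udev rw,size=4096k
102 22 0:5 /zero /tmp/chroot/dev/zero rw,nosuid - devtmpfs udev rw,size=4096k
103 22 8:1 /srv/data /mnt/data rw,relatime shared:1 - ext4 /dev/sda1 rw
EOF
}

sample_mountinfo | bind_mounted_dev_entries
```

On a live system, pass /proc/self/mountinfo as the argument from inside the hook, and exclude the reported paths before acting on "find ... -type f" results.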