Package: autopkgtest
Version: 5.38
Severity: normal
X-Debbugs-Cc: par...@debian.org, elb...@debian.org, jspri...@debian.org
User: autopkgt...@packages.debian.org
Usertags: unshare
autopkgtest-virt-unshare invokes
`/usr/sbin/useradd --create-home --root {rootdir} unshare`
during setup, at a stage at which it has not yet populated /dev.
According to discussion in #1077876, this is troublesome in Ubuntu (which
has a patched useradd), and it could become a problem in Debian in future.
Having at least a basic /dev is "part of the API" for a Debian
chroot/container, and we should not expect third-party code to operate
correctly with an empty /dev unless it was specifically written to
accommodate that.
(See also https://systemd.io/CONTAINER_INTERFACE/ "Execution environment" -
but bear in mind that in that document, the assumption is that you'll be
running systemd as pid 1, which we don't do in unshare containers.)
On Mon, 05 Aug 2024 at 16:17:52 +0200, Paride Legovini wrote:
> OK, what I said is not really true: autopkgtest-virt-unshare does this:
>
> https://salsa.debian.org/ci-team/autopkgtest/-/blob/30c9c0a589aa49bc86649b825b29a1be647d8c26/virt/autopkgtest-virt-unshare#L128
>
> and it is during that early useradd call that /dev/null does not exist.
I think now that we automatically run create-normal-user (since 5.23),
it can probably drop that, and also drop "suggested-normal-user=unshare"
from its capabilities. It's no longer necessary for a testbed to have
non-root users if it has both root-on-testbed and revert-full-system,
because autopkgtest will automatically create an unprivileged user to
use for testing.
Or, if it's necessary to create this user for whatever reason, then we
should run it with a populated /dev: this probably means wrapping it
in lib/unshare-helper.
smcv
