Hi Tollef,

* Tollef Fog Heen <tfh...@err.no> [2025-03-03 06:20]:
> This sounds like a bug in sbuild – it must reset the value of TMP/TMPDIR when changing UIDs.
I tend to disagree here. sbuild is not changing to a different user but to a different UID of the same user. So resetting TMPDIR would mean that sbuild would not respect any TMPDIR and I think that would be wrong. Instead I see two options:
1. sbuild sets ACLs such that subuids have access to the TMPDIR.
2. Proposed by Helmut: sbuild uses an O_PATH file descriptor to pass stuff to the user namespace.
I think both options are rather suboptimal and there are more tools running into the same problem, like mmdebstrap in #1052471. So instead of patching every tool to work around the specifics of libpam-tmpdir I would prefer if libpam-tmpdir would learn about subuids.
> I'm not sure how libpam-tmpdir would discover any subuids for a given user, do you have ideas here?
Maybe with libsubid-dev. I would also be fine if we just document this problem for now.

Cheers
Jochen
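The subuid lookup asked about above, as an added example that is not part of this thread and not code from libpam-tmpdir, sbuild or libsubid: it parses text in the `/etc/subuid` format (`owner:start:count`) directly rather than going through libsubid, and decides whether a UID belongs to a user's delegated ranges. The sample entries, user names and function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* One delegated range: IDs start .. start+count-1. */
struct subid_span { unsigned long start, count; };

/* Constructed sample in /etc/subuid format: owner:start:count */
static const char SAMPLE_SUBUID[] =
    "bob:100000:65536\n"
    "alice:165536:65536\n"
    "alicia:300000:65536\n"
    "alice:1000000:1000\n";

/* Collect up to max ranges delegated to owner; returns how many were found. */
static size_t ranges_for_owner(const char *text, const char *owner,
                               struct subid_span *out, size_t max)
{
    size_t n = 0, olen = strlen(owner);
    while (*text && n < max) {
        size_t len = strcspn(text, "\n");
        char buf[128];
        /* Match the whole owner field, so "alice" does not match "alicia". */
        if (len > olen && len < sizeof buf &&
            strncmp(text, owner, olen) == 0 && text[olen] == ':') {
            memcpy(buf, text + olen + 1, len - olen - 1);
            buf[len - olen - 1] = '\0';
            if (sscanf(buf, "%lu:%lu", &out[n].start, &out[n].count) == 2 &&
                out[n].count > 0)
                n++;
        }
        text += len + (text[len] == '\n');
    }
    return n;
}

/* True if uid lies inside one of the ranges (written to avoid overflow). */
static int uid_in_ranges(unsigned long uid, const struct subid_span *r, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (uid >= r[i].start && uid - r[i].start < r[i].count)
            return 1;
    return 0;
}

int main(void)
{
    struct subid_span r[8];
    size_t n = ranges_for_owner(SAMPLE_SUBUID, "alice", r, 8);
    printf("alice: %zu ranges, uid 200000 %s\n", n,
           uid_in_ranges(200000, r, n) ? "is a subuid" : "is not a subuid");
    return 0;
}
```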