Package: libsbuild-perl
Version: 0.85.8
Tags: ftbfs patch
Control: affects -1 + src:mediascanner2 src:lomiri-thumbnailer

Hi Johannes and Jochen,

Jochen asked me to look into why the affected packages FTBFS when using unshare chroot-mode. I managed to reproduce the failure, run the failing test in isolation, capture an strace, stare at the strace output, codesearch for random strings such as "com.canonical.MediaScanner2.Error.Unauthorized" and following it down to "check_access", "does_client_have_access", "get_client_apparmor_context" and finally "aa_is_enabled". That was a clue to look into AppArmor, so I ran "aa-enabled" on various configurations:

 * bookworm without apparmor -> Yes
 * Something with apparmor -> Yes
 * sbuild --chroot-mode=unshare -> Yes
 * sbuild --chroot-mode=schroot -> Maybe

I think you spot the difference. The tests believe that AppArmor is working when it really is not and thus fail as the AppArmor context does not come back in the expected way.

That leaves the question of why AppArmor looks like it was working. It's because /sys/kernel/security/apparmor exists. The https://systemd.io/CONTAINER_INTERFACE/ documents /sys/kernel to be inaccessible. Once you do that (and sbuild makes it really hard to do that), both packages can be built.

I'm attaching a patch for your convenience.

Helmut

diff -Nru sbuild-0.85.8/debian/changelog sbuild-0.85.8+nmu1/debian/changelog --- sbuild-0.85.8/debian/changelog 2024-04-25 14:49:56.000000000 +0200 +++ sbuild-0.85.8+nmu1/debian/changelog 2024-05-16 23:02:54.000000000 +0200 @@ -1,3 +1,10 @@ +sbuild (0.85.8+nmu1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Do not expose /sys/kernel in the unshare backend. (Closes: #-1) + + -- Helmut Grohne <hel...@subdivi.de> Thu, 16 May 2024 23:02:54 +0200 + sbuild (0.85.8) unstable; urgency=medium [ Aurelien Jarno ] diff -Nru sbuild-0.85.8/lib/Sbuild/ChrootUnshare.pm sbuild-0.85.8+nmu1/lib/Sbuild/ChrootUnshare.pm --- sbuild-0.85.8/lib/Sbuild/ChrootUnshare.pm 2024-04-25 14:49:56.000000000 +0200 +++ sbuild-0.85.8+nmu1/lib/Sbuild/ChrootUnshare.pm 2024-05-16 22:55:25.000000000 +0200 @@ -337,6 +337,7 @@ mount -t tmpfs tmpfs \"\$rootdir/dev/shm\"; mkdir -p \"\$rootdir/sys\"; mount -o rbind /sys \"\$rootdir/sys\"; + mount -t tmpfs tmpfs \"\$rootdir/sys/kernel\" -o mode=0000,size=4k,ro mkdir -p \"\$rootdir/proc\"; mount -t proc proc \"\$rootdir/proc\"; exec /usr/sbin/chroot \"\$rootdir\" $init /sbin/runuser -u \"\$user\" -- sh -c \"cd \\\"\\\$1\\\" && shift && \\\"\\\$@\\\"\" -- \"\$dir\" \"\$@\";
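
Review bot: In the lib/Sbuild/ChrootUnshare.pm hunk, the added `mount -t tmpfs tmpfs \"\$rootdir/sys/kernel\" -o mode=0000,size=4k,ro` line has no trailing `;`, while every neighbouring command in this script string ends with one. If the string ever reaches the shell with its newlines collapsed, the following `mkdir -p \"\$rootdir/proc\"` would be parsed as extra arguments to mount, so please terminate the line with `;` like the others. A short comment next to it saying why /sys/kernel is masked (the rbind of /sys otherwise exposes /sys/kernel/security/apparmor inside the chroot) would also help the next reader.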
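
Review bot: In the debian/changelog hunk, `(Closes: #-1)` still carries the submission placeholder, the same `-1` used in the Control line of the report. It needs to be replaced with the assigned bug number before this entry is uploaded, otherwise the upload will not close the report.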