Hi Richard, * Richard Lewis <richard.lewis.deb...@googlemail.com> [2024-05-05 11:32]:
If i try and run tests that use 'unshare --net' with a schroot backend they fail inside autopkgtest even though this works in the schroot being used.This works fine in a 'plain schroot' (I expect i allowed the calling user to run the schroot as root in the schroot in /etc/schroot): $ schroot --chroot chroot:unstable-amd64-sbuild --directory / --user root -- unshare --net --map-root-user ls bin boot build dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
I can't reproduce this. Testing in a fresh debvm: $ debvm-create --size=2G --release=stable -- \ --include=sbuild,schroot,debootstrap,autopkgtest \ --hook-dir=/usr/share/mmdebstrap/hooks/useradd $ debvm-run # echo "inside debvm" # sbuild-createchroot unstable /srv/chroot/unstable-amd64-sbuild \ http://deb.debian.org/debian # sbuild-adduser user # su - user $ schroot --chroot chroot:unstable-amd64-sbuild --directory / --user root -- unshare --net --map-root-user ls unshare: unshare failed: Operation not permitted Do you have any idea why it works for you?
But if i have an autopkgtest with eg a debian/tests/control with Test-Command: unshare --map-root-user --net ./debian/tests/foo Depends: @ Features: test-name=foo Restrictions: needs-root
This looks odd. If you only want to unshare the network, as stated in the bug title, you neither need --map-root-user nor needs-root. Indeed dropping both makes it work for me. Can you give some background what you actually want to do here?
then even adding '--user root' doesnt work: $ /usr/bin/autopkgtest package.changes --user root -- schroot unstable-amd64-sbuild
I guess this is due to autopkgtest-virt-schroot starts an schroot session but I can't verify without reproducing your example without a session.
i get errors like unshare: unshare failed: Operation not permitted
This maps to unshare(2) returning EPERM. From the manpage:| CLONE_NEWUSER was specified in flags and the caller is in a chroot | environment (i.e., the caller's root directory does not match the root | directory of the mount namespace in which it resides).
I think this is what happens here.Over all I think using unshare --map-root-user in autopkgtest-virt-schroot is not supported and I don't think there is a way around that except using a different autopkgtest backend.
Cheers Jochen
signature.asc
Description: PGP signature