Hi Richard,

* Richard Lewis <richard.lewis.deb...@googlemail.com> [2024-05-05 11:32]:
> If I try and run tests that use 'unshare --net' with a
> schroot backend they fail inside autopkgtest even though
> this works in the schroot being used.
>
> This works fine in a 'plain schroot' (I expect I allowed
> the calling user to run the schroot as root in the schroot
> in /etc/schroot):
>
> $ schroot --chroot chroot:unstable-amd64-sbuild --directory / --user root -- unshare --net --map-root-user ls
> bin  boot  build  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var

I can't reproduce this. Testing in a fresh debvm:

$ debvm-create --size=2G --release=stable -- \
    --include=sbuild,schroot,debootstrap,autopkgtest \
    --hook-dir=/usr/share/mmdebstrap/hooks/useradd
$ debvm-run
# echo "inside debvm"
# sbuild-createchroot unstable /srv/chroot/unstable-amd64-sbuild \
    http://deb.debian.org/debian
# sbuild-adduser user
# su - user
$ schroot --chroot chroot:unstable-amd64-sbuild --directory / --user root -- \
    unshare --net --map-root-user ls
unshare: unshare failed: Operation not permitted

Do you have any idea why it works for you?

> But if I have an autopkgtest with e.g. a debian/tests/control with
>
> Test-Command: unshare --map-root-user --net ./debian/tests/foo
> Depends: @
> Features: test-name=foo
> Restrictions: needs-root

This looks odd. If you only want to unshare the network, as stated in the bug title, you need neither --map-root-user nor needs-root. Indeed, dropping both makes it work for me. Can you give some background on what you actually want to do here?

> then even adding '--user root' doesn't work:
>
> $ /usr/bin/autopkgtest package.changes --user root -- schroot unstable-amd64-sbuild

I guess this is due to autopkgtest-virt-schroot starting an schroot session, but I can't verify without reproducing your example without a session.

> I get errors like
>
> unshare: unshare failed: Operation not permitted

This maps to unshare(2) returning EPERM. From the manpage:

| CLONE_NEWUSER was specified in flags and the caller is in a chroot
| environment (i.e., the caller's root directory does not match the root
| directory of the mount namespace in which it resides).

I think this is what happens here.

Overall, I think using unshare --map-root-user in autopkgtest-virt-schroot is not supported, and I don't think there is a way around that except using a different autopkgtest backend.

Cheers Jochen
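
The EPERM case quoted from unshare(2) in the message above can be checked directly from inside the schroot. The following C probe is an added example, not part of the original message or of autopkgtest; `probe_unshare` and `explain` are hypothetical helper names, and it assumes `unshare --net --map-root-user` requests CLONE_NEWUSER and CLONE_NEWNET together.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Call unshare(flags) in a forked child so the caller's own namespaces stay
 * untouched. Returns 0 on success, the child's errno on failure, or -1 if
 * the probe could not run (fork failed or the child was killed). */
int probe_unshare(int flags)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(unshare(flags) == 0 ? 0 : errno); /* errno fits in the exit status */
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Map a probe result to its likely cause, following unshare(2). */
const char *explain(int flags, int err)
{
    if (err == 0)
        return "ok";
    if (err == -1)
        return "probe could not run";
    if (err == EPERM && (flags & CLONE_NEWUSER))
        return "EPERM with CLONE_NEWUSER: caller is in a chroot, or user namespaces are restricted";
    if (err == EPERM)
        return "EPERM: caller lacks CAP_SYS_ADMIN for this namespace type";
    return "other error, see unshare(2)";
}

int main(void)
{
    int net_only = CLONE_NEWNET;                 /* unshare --net */
    int with_user = CLONE_NEWUSER | CLONE_NEWNET; /* unshare --net --map-root-user */
    printf("--net:                 %s\n", explain(net_only, probe_unshare(net_only)));
    printf("--net --map-root-user: %s\n", explain(with_user, probe_unshare(with_user)));
    return 0;
}
```

Run it once on the host and once inside the schroot session as the same user; a result that differs only for the second line points at the chroot restriction on CLONE_NEWUSER rather than at missing privileges.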
