Your message dated Sun, 20 Aug 2023 22:13:28 +0200
with message-id <169256240853.35162.1325220396245934804@localhost>
and subject line Re: mounting /proc silently fails and thus systemd-tmpfiles is
skipped with unshared mount namespace on privileged docker (like salsaci)
has caused the Debian Bug report #1031222,
regarding mounting /proc silently fails and thus systemd-tmpfiles is skipped
with unshared mount namespace on privileged docker (like salsaci)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1031222: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031222
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: debootstrap
Version: 1.0.128+nmu2
Severity: normal
Tags: patch
Control: affects -1 + mmdebstrap
Hi,
steps to reproduce:
    runuser -u debci -- mmdebstrap --variant=custom --mode=unshare \
        --setup-hook='container=lxc debootstrap unstable "$1"' - chroot.tar
Run this inside a privileged docker container (like in a salsaci autopkgtest)
and observe how the following files are missing from chroot.tar:
/etc/mtab
/root/.ssh
/run/lock/subsys
/var/cache/private
/var/lib/private
/var/lib/systemd/coredump
/var/lib/systemd/pstore
/var/log/README
/var/log/private
All of these would be created by systemd-tmpfiles. They are not created because
(after setting SYSTEMD_LOG_LEVEL=debug):
/proc/ is not mounted, but required for successful operation of
systemd-tmpfiles. Please mount /proc/. Alternatively, consider using the
--root= or --image= switches.
This is because debootstrap runs "mount -t proc proc /proc". This does not work
inside an unshared mount namespace inside privileged docker (like salsaci). See
this other bug for a handy table about how to mount /proc:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030625#16
As shown in that table, this can be resolved by falling back to bind-mounting
/proc if mounting it normally didn't work. I implemented that in this merge
request:
https://salsa.debian.org/installer-team/debootstrap/-/merge_requests/91
Thanks!
cheers, josch
--- End Message ---
--- Begin Message ---
Version: 1.0.128+nmu3
Quoting Johannes Schauer Marin Rodrigues (2023-02-13 14:05:24)
> steps to reproduce:
>
>     runuser -u debci -- mmdebstrap --variant=custom --mode=unshare \
>         --setup-hook='container=lxc debootstrap unstable "$1"' - chroot.tar
>
> Run this inside a privileged docker container (like in a salsaci autopkgtest)
> and observe how the following files are missing from chroot.tar:
>
> /etc/mtab
> /root/.ssh
> /run/lock/subsys
> /var/cache/private
> /var/lib/private
> /var/lib/systemd/coredump
> /var/lib/systemd/pstore
> /var/log/README
> /var/log/private
>
> All of these would be created by systemd-tmpfiles. They are not created
> because (after setting SYSTEMD_LOG_LEVEL=debug):
>
> /proc/ is not mounted, but required for successful operation of
> systemd-tmpfiles. Please mount /proc/. Alternatively, consider using the
> --root= or --image= switches.
>
> This is because debootstrap runs "mount -t proc proc /proc". This does not
> work inside an unshared mount namespace inside privileged docker (like
> salsaci). See this other bug for a handy table about how to mount /proc:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030625#16
>
> As shown in that table, this can be resolved by falling back to bind-mounting
> /proc if mounting it normally didn't work. I implemented that in this merge
> request:
>
> https://salsa.debian.org/installer-team/debootstrap/-/merge_requests/91
The merge request was merged by Luca Boccassi (thank you!) and thus this bug
can be closed.
cheers, josch
--- End Message ---
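
The fallback described in the report (try a fresh procfs, then bind-mount the existing /proc), sketched as an added example that is not the code from the debootstrap merge request. It also checks the result so a failed mount is reported instead of passing silently. The names MOUNT_CMD, proc_usable and mount_proc_with_fallback are hypothetical.

```shell
#!/bin/sh
# Added example: try a fresh procfs, fall back to a bind mount, and fail
# loudly instead of silently continuing without /proc.
# MOUNT_CMD, proc_usable and mount_proc_with_fallback are hypothetical names.

# Overridable so the logic can be exercised without root privileges.
MOUNT_CMD=${MOUNT_CMD:-mount}

# True when DIR looks like a live procfs (procfs exposes "self/stat"
# for the calling process).
proc_usable() {
    [ -r "$1/self/stat" ]
}

# mount_proc_with_fallback TARGET
# Prints which method produced a usable /proc: "already", "fresh" or "bind".
# Returns 1 (with a message on stderr) when no method worked.
mount_proc_with_fallback() {
    target=$1
    if proc_usable "$target"; then
        echo already
        return 0
    fi
    # Normal case: a new procfs instance.
    if $MOUNT_CMD -t proc proc "$target" 2>/dev/null && proc_usable "$target"; then
        echo fresh
        return 0
    fi
    # Fallback from the bug report: reuse the /proc that is already visible.
    if $MOUNT_CMD --bind /proc "$target" 2>/dev/null && proc_usable "$target"; then
        echo bind
        return 0
    fi
    echo "E: no usable $target; systemd-tmpfiles would be skipped" >&2
    return 1
}
```

Checking the mounted directory after each attempt, rather than trusting the exit status of mount alone, is what turns the silent failure from the bug title into an explicit error.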