Package: fai-client Version: 5.10.3 Severity: important Starting with FAI v5.10, it uses:
ROOTCMD="unshare --pid --fork --kill-child --mount-proc chroot $FAI_ROOT" Though fai-client only recommends: Recommends: libgraph-perl, fdisk | util-linux (<< 2.29.2-3~) unshare(1) on e.g. Debian/stretch doesn't know the --kill-child option yet though. So it actually "Depends: util-linux >=2.32-0.1~" (the first Debian package version that shipped support for the --kill-child option). Furthermore this ROOTCMD setting with unshare fails in e.g. unprivileged docker containers: | root@f6c0db65ee69:/code/# unshare --pid --fork --kill-child --mount-proc chroot / ls | unshare: unshare failed: Operation not permitted It would be nice, if ROOTCMD isn't assumed to always work as such, and provide an option to either use the old setting (ROOTCMD="chroot $FAI_ROOT") or allow manually configuring it. regards -mika-