Bug#1031222: marked as done (mounting /proc silently fails and thus systemd-tmpfiles is skipped with unshared mount namespace on privileged docker (like salsaci))

To: Johannes Schauer Marin Rodrigues <josch@debian.org>
Subject: Bug#1031222: marked as done (mounting /proc silently fails and thus systemd-tmpfiles is skipped with unshared mount namespace on privileged docker (like salsaci))
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sun, 20 Aug 2023 20:15:17 +0000
Message-id: <[🔎] handler.1031222.D1031222.1692562412892984.ackdone@bugs.debian.org>
Reply-to: 1031222@bugs.debian.org
References: <169256240853.35162.1325220396245934804@localhost> <167629352449.310343.7895018173748292077.reportbug@localhost>

Your message dated Sun, 20 Aug 2023 22:13:28 +0200
with message-id <169256240853.35162.1325220396245934804@localhost>
and subject line Re: mounting /proc silently fails and thus systemd-tmpfiles is skipped with unshared mount namespace on privileged docker (like salsaci)
has caused the Debian Bug report #1031222,
regarding mounting /proc silently fails and thus systemd-tmpfiles is skipped with unshared mount namespace on privileged docker (like salsaci)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1031222: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031222
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mounting /proc silently fails and thus systemd-tmpfiles is skipped with unshared mount namespace on privileged docker (like salsaci)
From: Johannes Schauer Marin Rodrigues <josch@debian.org>
Date: Mon, 13 Feb 2023 14:05:24 +0100
Message-id: <167629352449.310343.7895018173748292077.reportbug@localhost>

Package: debootstrap
Version: 1.0.128+nmu2
Severity: normal
Tags: patch
Control: affects -1 + mmdebstrap

Hi,

steps to reproduce:

runuser -u debci -- mmdebstrap --variant=custom --mode=unshare --setup-hook='container=lxc debootstrap unstable "$1"' - chroot.tar

Run this inside a privileged docker container (like in a salsaci autopkgtest)
and observe how the following files are missing from chroot.tar:

/etc/mtab
/root/.ssh
/run/lock/subsys
/var/cache/private
/var/lib/private
/var/lib/systemd/coredump
/var/lib/systemd/pstore
/var/log/README
/var/log/private

All of these would be created by systemd-tmpfiles. They are not created because
(after setting SYSTEMD_LOG_LEVEL=debug):

/proc/ is not mounted, but required for successful operation of systemd-tmpfiles. Please mount /proc/. Alternatively, consider using the --root= or --image= switches.

This is because debootstrap runs "mount -t proc proc /proc". This does not work
inside an unshared mount namespace inside privileged docker (like salsaci). See
this other bug for a handy table about how to mount /proc:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030625#16

As shown in that table, this can be resolved by falling back to bind-mounting
/proc if mounting it normally didn't work. I implemented that in this merge request:

https://salsa.debian.org/installer-team/debootstrap/-/merge_requests/91

Thanks!

cheers, josch

--- End Message ---

--- Begin Message ---

To: 1031222-done@bugs.debian.org
Subject: Re: mounting /proc silently fails and thus systemd-tmpfiles is skipped with unshared mount namespace on privileged docker (like salsaci)
From: Johannes Schauer Marin Rodrigues <josch@debian.org>
Date: Sun, 20 Aug 2023 22:13:28 +0200
Message-id: <169256240853.35162.1325220396245934804@localhost>
In-reply-to: <167629352449.310343.7895018173748292077.reportbug@localhost>
References: <167629352449.310343.7895018173748292077.reportbug@localhost>

Version: 1.0.128+nmu3

Quoting Johannes Schauer Marin Rodrigues (2023-02-13 14:05:24)
> steps to reproduce:
> 
> runuser -u debci -- mmdebstrap --variant=custom --mode=unshare --setup-hook='container=lxc debootstrap unstable "$1"' - chroot.tar
> 
> Run this inside a privileged docker container (like in a salsaci autopkgtest)
> and observe how the following files are missing from chroot.tar:
> 
> /etc/mtab
> /root/.ssh
> /run/lock/subsys
> /var/cache/private
> /var/lib/private
> /var/lib/systemd/coredump
> /var/lib/systemd/pstore
> /var/log/README
> /var/log/private
> 
> All of these would be created by systemd-tmpfiles. They are not created because
> (after setting SYSTEMD_LOG_LEVEL=debug):
> 
> /proc/ is not mounted, but required for successful operation of systemd-tmpfiles. Please mount /proc/. Alternatively, consider using the --root= or --image= switches.
> 
> This is because debootstrap runs "mount -t proc proc /proc". This does not work
> inside an unshared mount namespace inside privileged docker (like salsaci). See
> this other bug for a handy table about how to mount /proc:
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030625#16
> 
> As shown in that table, this can be resolved by falling back to bind-mounting
> /proc if mounting it normally didn't work. I implemented that in this merge request:
> 
> https://salsa.debian.org/installer-team/debootstrap/-/merge_requests/91

the merge request was merged by Luca Boccassi (thank you!) and thus this bug
can be closed.

cheers, josch

Attachment: signature.asc
Description: signature

--- End Message ---

Reply to:

Prev by Date: debootstrap_1.0.131_source.changes ACCEPTED into unstable
Next by Date: Bug#1031183: grub-installer: postinst fails if efivarfs cannot be mounted
Previous by thread: debootstrap_1.0.131_source.changes ACCEPTED into unstable
Next by thread: Bug#1031183: grub-installer: postinst fails if efivarfs cannot be mounted
Index(es):
- Date
- Thread