[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#850967: Clarify /usr/bin/foo should not be hardcoded even in upstream parts

Philip Hands writes:
> I stumbled across 'proot' while looking into the background for this,
> which seems to be able to provide the effect of a bind mount without
> needing root privilege, and would presumably deal with Ian's original
> problem quite nicely.

If you enable unprivileged user namespaces (the upstream kernel default;
disabled by a Debian patch if I remember correctly), you can just use
`unshare` and `mount --bind` on Linux:

  # echo 1 > /proc/sys/kernel/unprivileged_userns_clone

  $ unshare -r -m /bin/sh -c 'mount --bind /usr/bin/gpg /usr/bin/true; /usr/bin/true --version'
  gpg (GnuPG) 2.1.17


Reply to: